My ix2 is EOL and doesn’t finish strong – or secure…

Disappointing finish for my Iomega StorCenter ix2. The second drive failed and it has been replaced with a Synology DiskStation DS212j with WD Red drives. (more on that later) I was doing some consolidation and cleaning of the computer room yesterday and I decided it was time to wipe some hard drives including the ix2 NAS.

The replacement WD Green and the old original 500GB Seagate spin up and after a few minutes I can log in via the web interface. I go into the manage disk section and I’m excited to see there is an Erase Disks section under Manage Disks. The first message tells you that you’ll need to delete all the shares (including the built-in ones?!) before using the wipe functionality. The second message talks about how securely erased your drives will be. For those of you who don’t know me – here is the setup..

Secure Erase:
All data is permanently erased and overwritten to prevent recovery, user information is removed, and the device is reset to factory defaults. Disk erase is a secure operation to ensure all data on your Iomega StorCenter device is irrecoverably deleted. The disk erase process overwrites all disks with random data to prevent recovery of existing or deleted data, users, and passwords.

…and the outcome? Well I clicked it, confirmed it, and watched as the red light came on and the drives started to chug. Just like when it gets stuck doing a rebuild, I wanted to see what it was up to. I was also curious if this would affect my ability to SSH into the machine. Not only could I still log in to the ix2, I found the program that it was running to wipe the drive:

/usr/bin/shred -v -n 1 /dev/sda2
/usr/bin/shred -v -n 1 /dev/sdb2

I looked quickly at the man page for shred. The default setting is 25 times. Older versions list the default at 3. Iomega changed it to make a single 1 time pass! :(

Think you might donate or craigslist your old NAS drive? Well if it’s an Iomega – don’t rely on the built-in “Secure Erase” to protect your data! A single pass (while at least random data) is going to be slightly better than a “quick format”. When it finished and re-initialized I restarted it, and I STILL had root access. (read: factory defaults) To which I ran my own shred on both /dev/sda2 and /dev/sdb2.
Ciao ix2!
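
A check a practitioner can run after any built-in erase, as an added example that is not part of the original post or of Iomega's firmware: it scans an image block by block for low-entropy data and known markers. The image layout, the `admin:` marker and all function names are constructed for illustration; the untouched region stands in for any area that a partition-level wipe like the one above would not reach.

```python
import math
import os
import tempfile
from collections import Counter

BLOCK = 4096  # bytes examined per step


def block_entropy(buf):
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def audit_wipe(path, markers=(), min_entropy=7.0):
    """Return (offset, reason) for each block that does not look overwritten.

    Random fill scores close to 8 bits/byte; leftover text, metadata or
    zero-fill scores far lower. Markers straddling two blocks are missed.
    """
    findings = []
    with open(path, "rb") as f:
        offset = 0
        while buf := f.read(BLOCK):
            for m in markers:
                if m in buf:
                    findings.append((offset, f"marker {m!r} present"))
            if block_entropy(buf) < min_entropy:
                findings.append((offset, "low entropy"))
            offset += len(buf)
    return findings


def build_demo_image(dirname):
    """Constructed image: 8 untouched blocks, then 8 random-filled blocks."""
    path = os.path.join(dirname, "disk.img")
    leftover = (b"admin:constructed-sample-hash\n" * 200)[:BLOCK]
    with open(path, "wb") as f:
        f.write(leftover * 8)            # area the wipe never reached
        f.write(os.urandom(BLOCK * 8))   # area overwritten with random data
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for offset, reason in audit_wipe(build_demo_image(d), [b"admin:"]):
            print(f"{offset:#010x}  {reason}")
```

Every finding falls in the first eight blocks; the random-filled half of the image produces none.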


08 07 2013

Privacy

27 06 2013

Musical Moods

Recently I’ve been fascinated by quantified self. An endless stream of data from the number of steps I take, to the music I listen to. There on last.fm’s “playground” is a fantastically visual stream of identified moods and music. Not scrobbling everything you listen to? I use the Clementine player with last.fm.

06 02 2013

Content (not surprisingly) is (still) King

Long time no post? Yeah… I was off building content on other sites instead of pushing content to my own. I spent some time with twitter and facebook. I did some advertising. I did some experiments, and I’m back to where I am the decider!

Monetization; Nothing is ever really free, and recently the squeeze of the almighty dollar has been put on social media. Twitter was used to directly push eyeballs to NBC for the Olympics this year and Facebook has been slowly filtering out your feed. Now with fresh APIs and IPOs respectively, social media is using every trick in the bag to get advertisers and its audience together.

Both sites control media, content, and make filtered decisions on your behalf. Remember when you saw EVERY post from your friends on facebook? They started to slowly show more of the people you interacted with. A year ago they implemented a subscribe feature that no one can figure out and opts everyone out of your feed. Soon you were asking your friends: “When did you post that?!” because FB decided that it wasn’t important. Facebook Pages are in even worse shape. Only 30% of the people that like your page will be shown any particular update from that page. “Will be shown” as in – 70% just won’t ever see it on their feed unless they directly go to your page, or you pay for that update to be promoted. Twitter has a similar model that suggests people follow you and pushes your tweets to their page.

One of my close friends liked Verizon on facebook. Or at least facebook told me that they did. Are you kidding me? Verizon has a pretty good network, but no one actually likes them. This made me suspicious and it turns out this is just another advertisement option trick.

Third party apps suffer: What I want is an app that will broadcast my words across multiple channels and outlets. I want an app that reads and parses everything from all outlets under my control. Post to facebook, twitter, wordpress, google+, etc. Show your entire timeline, all tweets, all posts. The reality is that those apps are being crushed or filtered so badly that no one will see the content when it gets there. Nothing is ranked higher than you typing an update directly into facebook.com. Hootsuite, Seesmic, Twitter, SMS, etc. will all be ranked lower (show up on fewer feeds) than your eyeballs on their site and their apps – looking at their ads. Google+ doesn’t even play the game. You just can’t post on G+ if you’re not on the page or using their app.

Why are we playing this game? It’s only going to get worse. We are social creatures, but at what (Buy Coke) point is the (Doritos) interaction going to be (Target) spoiled? Twitter just feels like a bunch of people yelling on mountaintops with no engagement happening. I have evidence to suggest that facebook just makes up demographic data. For example I ran an ad targeting anyone in the US that likes “rallying” OR “WRC”. It was over 250,000 people?! I can tell you that this demographic is more like 10k to 15k people on its best day – and that’s if I count the 25% of the population that is NOT on facebook!

Push them to the website: I’m retreating to safe waters. I pay for the server, I have a pro flickr account, my rally blog runs some ads to cover the $90 a year, and I get to post and promote whatever I want. I’ll still be on the social networks, but my goals have changed. I just want people to visit my sites and enjoy my work. If they’re interested they can sign up for updates via email or RSS. Google search loves unique content and is more likely to find viewers than a lousy facebook ad. I’m experimenting with IFTTT.com and a microblog with microposts on rallynotes.com. Instead of content ending up there, content STARTS there, where it remains king.

14 09 2012

WordSequence For KeePass 2 = XKCD Passwords

If you’re not familiar at all with the title, click here to check out the fabulous comic in question.

“Lolz” right? Well I completely agree with it – and I’m finding that my passwords are getting longer and longer and you really have no hope of remembering them. Take a look at this monster: !J$?e04uGh=eDP (89 Bits) You have no choice but to store this in a program like KeePass, never actually look at it, and hope that your password database stays backed up. :(

Password enforcement has gotten better, and worse at exactly the same rate. Here’s an example excerpt from Cal Poly’s password document. (This was discovered when my sister-in-law tried 15 times to make a password that she could actually remember for her access):

Passwords must contain at least one character from three of the following lists:
1. Uppercase Alphabetic (A‐Z)
2. Numbers (0‐9)
3. Lower case Alphabetic (a‐z)
4. These Special Characters are allowed: ! $ % & , ( ) * + ‐ . / ; : < = > ? [ \ ] ^ _ { | } ~
These special characters are not permitted: # " @ and the space character

Passwords must not contain any of the following:
1. Your previous passwords used within the last two (2) years
2. Passwords less than 16 characters must not contain any of the following:
   a. Any words of three or more characters, including non‐English words
   b. Any groups of three or more characters of the same character type
   c. Any names, person, places, or things found in a common dictionary
   d. Any of your names (first, middle, last), any current Cal Poly username
   e. Repetitive characters (sequences)

The second part ensures that no password can be easily memorized. This string has to be written down. Once it’s written down, the whole reason for having passwords fails everyone, and after staring at the logic for 5 minutes I came up with something like this: 50Fu40Yo (42 Bits)

If you network admins are listening, you need to get over trying to corner users into crazy strings of letters and numbers. Dictionary words are easy to guess, but strings of dictionary words with random characters in there are just as good, if not infinitely better for users to actually remember. Let’s look at this example: Wool+BladeFriction5 (105 Bits) A brute force attack is just going to go through every possible character in every possible position, and there’s 19 of them. Now for our ‘easy to remember’ Cal Poly password, the length is only 8 because I would never actually want to make it more than the minimum. Do you want a short useless password that gets written down? Or a long somewhat complex one that is memorized?
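
The mechanically checkable part of the quoted policy, as an added example (not Cal Poly's code): the three-of-four-lists rule, the non-permitted characters, and rule 2b for passwords under 16 characters. Dictionary, name and password-history rules are left out, the function names are hypothetical, and `Wool+Blade5` is a constructed sample; the other passwords are the ones quoted in the post.

```python
import string
from itertools import groupby

# Allowed specials from the quoted policy (its hyphen is taken as ASCII '-').
ALLOWED_SPECIAL = set("!$%&,()*+-./;:<=>?[\\]^_{|}~")
RUN_MSG = "three or more consecutive characters of one type"


def char_type(ch):
    """Map a character to one of the policy's four lists, or 'forbidden'."""
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.digits:
        return "digit"
    if ch in ALLOWED_SPECIAL:
        return "special"
    return "forbidden"  # '#', '"', '@', space and anything not listed


def check_policy(password):
    """Return the violated rules; an empty list passes the checkable subset."""
    types = [char_type(ch) for ch in password]
    problems = []
    if "forbidden" in types:
        problems.append("contains a character that is not permitted")
    if len(set(types) - {"forbidden"}) < 3:
        problems.append("fewer than three character lists used")
    if len(password) < 16:  # rule 2 applies only to passwords under 16 chars
        longest = max((len(list(g)) for _, g in groupby(types)), default=0)
        if longest >= 3:
            problems.append(RUN_MSG)
    return problems


if __name__ == "__main__":
    samples = ["50Fu40Yo", "!J$?e04uGh=eDP", "Wool+BladeFriction5",
               "Wool+Blade5"]  # last one is constructed
    for pw in samples:
        result = check_policy(pw)
        print(f"{pw:22} {'OK' if not result else '; '.join(result)}")
```

Rule 2b alone rejects any run of three letters in one case, which is why the 8-character password has to alternate character types while the 19-character passphrase is exempt.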

The challenge is to make a complex password that is easy to remember. The password should also satisfy usual requirements for length, capitalization, and numbers or uncommon characters. Here’s what I use:
KeePass 2 & WordSequence

Search the web and drop a couple thousand words (I used nouns and prepositions) into the window. I came up with some common substitutions (like @ for a, etc. – ‘b@ke m0re p1e’) and created complex easier to remember passwords like: Cheese4TigerDinner! (88 Bits) Most normal websites would accept this as an excellent password for the length and the special characters, and most humans could remember the phrase: Cheese for tiger dinner!


24 01 2012

How to find and organize gmail lost archived items.

Since we started the 21st century, I use the week between Christmas and New Year’s Day to clean house digitally. A synchronization of clocks, time servers, updates, firmware, and yearly maintenance with all things containing zeros and ones. The deleting of old emails, spam, and the archival of a picture folder entitled “2011.”

This year I stumbled on an interesting thing that gmail doesn’t do. It won’t show you mail that doesn’t have a label. Any mail that you “archived” to get off your in-box, without any categorization, dropped into this pit mixed with thousands of other labeled emails. Looking for these orphaned emails would involve looking through hundreds of pages of “All Mail.” I archived them for a reason (to go through them one day) otherwise I would have deleted them. Little did I know that finding these orphans would prove to be a challenge.

“Why do I need to see those old archived emails? If I ever need anything I’ll search for it and find it. “ – you might say.
The answer is the same as why you need a photo album and still like pawing through SkyMall. We are nostalgic creatures and sometimes (at least once a year) like to reflect on the past. Plus, a full catalog of information can result in more discovery. I’ll give two examples: 1. After rescuing my archived items I found a webcam picture of my dad with a cast on his arm. I barely remembered he broke it and seeing this picture gave me the memories back. 2. Listing out every sub-domain for UCI one day resulted in passport.uci.edu – weird way to find out that the University had its own passport office 1/4 mile from your house and you didn’t need to trek all over Orange County for mini-pictures and wait in a Post Office queue. I never thought either of these things existed and certainly wouldn’t have searched for them.

Gmail ninjas know about the Gmail advanced search options, but even here it specifically states: “There isn’t a search operator for unlabeled messages” Further searches looking for a fix resulted in a cobbled-together list of all your labels with a minus sign in front to indicate “anything not labeled this or that or etc.” Example: -(label:Subscriptions OR label:Ebay OR label:Rally OR label:Receipts) For some of you that never adopted labels, or only use 3 of them, this is great and might just work! For the rest of us, I noticed that after typing 6 or so of them into the search box and trying labels that had “Two Words” or “funky-ch@ract3rs/” search started to break. I think that nested labels make this worse, but I stopped the experiment as I currently use 20+ labels.

In order to find your (labeled items archived in-box stuff orphaned never) you’re going to have to make the LIAISON pledge:

I {insert name here} promise to never blindly press the gmail archive button. I promise to make sure that 1 or 2 labels have been attached by filter or by my own key-press AND furthermore I promise to guard the secrets and ways of the Gmail ninja, never using my powers for evil.

Alright ninjas…
Add the ZZZ label

  • Start by making a new label. Something that you can search for in the future like “ZZZ”.
  • You will repeat the next steps many times as you go through all your labeled email.
  • START: View all of the mail in one label and click on the check-box in the upper left to select all mail.
  • At the top of the mail items a message will appear:
  • All 100 conversations on this page are selected. Select all ### conversations in “{your label}”
  • Click the link and now all the mail in that label is selected (be careful here)
  • Choose to add the ZZZ label to your messages:

  • Google will respond with a message. Feel free to click OK.
  • Find the rest of your labels and tag them with ZZZ. It took me 5 minutes and you’ll never have to do it again.
  • If you still have labeled email to tag with ZZZ go to START
  • See that wasn’t so bad. :D Unless you have like 500 labels. :|
  • If you do have more than 100 labels, I suggest 43 Folders.
  • Done!

Now you can use this magical search string:

-label:zzz -from:me -is:chat -in:inbox

Go ahead and paste that into your email search box. This means: Show me everything that IS NOT labeled ZZZ, that IS NOT from me, IS NOT a chat, and IS NOT already in the inbox. Since you tagged all the email you know about with ZZZ, items orphaned with no labels were not tagged. Your long lost archived items will appear! I had about 150 items that I selected and placed back into the inbox for me to go through in the next couple days.

What’s next?

  • Delete the ZZZ label now that you have no further use for it.
  • Never blindly hit the archive button again. You promised! :)
  • Get Google to make a search parameter for “label = null”
  • Enjoy your discovered conversations from the last few years!

Have a happy and prosperous New Year!

29 12 2011