Monday, 6 February 2017

KeePassX - Cross-Platform Community Edition

One of the big problems that many people have with passwords is that there are just too many to manage in your memory alone. People either end up writing them down (which is actually a pretty good solution if you keep that piece of paper secure), or using the same password for many sites. This creates the problem that if one site gets compromised, the hackers will now have access to accounts on other sites that share that same password (assuming you use the same email address). The best solution to this problem is to use a password manager, which is the electronic equivalent of that piece of paper you write all of your passwords down on.

There are many options available for managing passwords. Some of them are online and accessed through your browser, and some are locally run programs. I prefer to use something that's local (don't always have Internet access) and open source (don't trust software that you can't audit, especially with passwords).

I've been managing my passwords using a piece of software called KeePassX for about 10 years, pretty much since I started using Linux. It's a fantastic tool that allows you to keep track of all of your passwords in a very secure way, storing them centrally so that you only need to remember a single password. It works across devices, and applications are available for Linux, Windows, Mac, Android, and iOS. It supports basic 2-factor authentication using key files. With this feature, you need both your password and a key file to be able to decrypt the password repository.

KeePassXC is the "community" branch of the KeePassX source code. The KeePassX project that it's based on has apparently been slow to incorporate new features and changes, and one of the big benefits of open-source software is the ability to "fork" a project to take it in a new direction. In this case that new direction involves incorporating new features such as reloading the password file when it changes on disk, using websites' favicons as entry icons, and a few other nifty features. Reloading the file when it changes on disk is a big one for many people, as I'll explain in a bit. The project keeps almost all of the existing KeePassX features as well, minus a few that were deemed "potentially insecure".

Multiple Machines

Because of the "autotype" feature supported by KeePassX (and KeePassXC) that allows you to have the software type in your username and password for you, it's quite convenient to have the software running locally on each machine you use, rather than say reading the username and password from your phone and typing them in manually. It works, but if you use long, complex passwords it's slow and error prone. To do this of course you need a copy of the password file to work with.

The problem is sharing the file between the multiple machines. To do this, the best thing to do is probably to use a file-synchronization service. Dropbox is probably the one you're most familiar with, but if you're interested in security, I'd pick pretty much anything ahead of that one. SpiderOak is my favourite as they're one of the few that actually do security "right". Unlike most of the other services of this type, you control the encryption key for your files, meaning that even SpiderOak has no idea what you're storing there.

Once you have your file synchronization service set up, put your password file in one of the directories that gets synchronized and any changes made to it will be visible on all machines. This makes the new automatic reload feature of KeePassXC worth its weight in gold. It means that you no longer have to remember to close the file after you've used it, or make all of your changes on a single machine and have the file open "read-only" on the rest of them.

WARNING: Do not synchronize your key file (for 2-factor authentication) on your file synchronizing service. This defeats a large part of the use of it. Put the file on your devices manually, or worst case, using a different synchronization service.
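One way to check that the warning above actually holds on a given machine is to scan the synchronized folders for the key file or any byte-identical copy of it. This is an added example, not part of KeePassX or KeePassXC; the function names and the paths in the demo are hypothetical, and the demo files are constructed.

```python
import hashlib
import os
import tempfile


def _sha256(path):
    """Hash a file in chunks so large embedded files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_synced_key_copies(key_file, sync_roots):
    """Return every path under the sync roots whose content equals the key file.

    This catches the key file itself (if it was placed in a synced folder),
    renamed copies, and symlinks pointing at it, since any of them would put
    the second factor next to the password database.
    """
    key_size = os.path.getsize(key_file)
    key_hash = _sha256(key_file)
    hits = set()
    for root in sync_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                candidate = os.path.join(dirpath, name)
                try:
                    # Cheap size comparison first; hash only plausible matches.
                    if os.path.getsize(candidate) != key_size:
                        continue
                    if _sha256(candidate) == key_hash:
                        hits.add(candidate)
                except OSError:
                    continue  # unreadable file or dangling symlink
    return sorted(hits)


if __name__ == "__main__":
    # Constructed demo: a key file kept locally and a renamed copy in a synced folder.
    with tempfile.TemporaryDirectory() as tmp:
        sync_dir = os.path.join(tmp, "Sync")    # hypothetical synced folder
        os.makedirs(sync_dir)
        key = os.path.join(tmp, "passwords.key")  # hypothetical key file name
        for path in (key, os.path.join(sync_dir, "notes.bin")):
            with open(path, "wb") as fh:
                fh.write(b"constructed key material")
        for hit in find_synced_key_copies(key, [sync_dir]):
            print("key material found in synced folder:", hit)
```

Run it with the real key file path and the list of folders your synchronization client watches; an empty result means no copy of the key file is being uploaded alongside the database.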

At this point there doesn't seem to be an Android or iOS version of KeePassXC, although there is an Android version of KeePassX. This version will work with the KeePassXC files, but will not automatically reload when changes are made. This is not as big a deal as on other platforms though, as most of the file synchronization services do not automatically synchronize either; they're more of a manual "on demand" sort of thing.

This workflow should allow you to be more secure, spend less time typing in passwords, and learn a few new tools. Keep in mind that KeePassX and KeePassXC can store more than just passwords ... they can also store embedded files of any kind. Great place to keep PDF versions of your tax forms perhaps?


Saturday, 4 February 2017

Nita Beer Company "Five Fingers" Brown Ale

Medium golden brown with a solid beige head that persists well. Aromas of coffee, cocoa, caramel, and sultana raisins. A slight hop bitterness and clean taste highlighting the raisins in the aroma. Quite a nice beer, especially on a winter afternoon. This would pair very well with sandwiches on light rye with caraway seeds.

Friday, 3 February 2017

Louis M. Martini Cabernet Sauvignon Sonoma County

A very yummy and versatile wine with a strangely storied history with me over the past few months.

I first tried Louis M. Martini Cabernet Sauvignons a few months ago at a large tasting with Natalie MacLean. I generally go through thirty or forty wines during one of these, and always remember stand-outs. At this particular event, a Louis M. Martini Cab Sauv was definitely one of them. It was amazingly good for what I thought was a $20 wine. I actually went as far as selfishly trying to hunt down a case of it before raving about how good it was online.

It turns out that Louis M. Martini has several versions of their Cab Sauv, and I'd tried the more expensive version. Thus ended a potential "unicorn hunt" where I try to find a $20 wine that tastes like a $40 wine. It's not unheard of, but it's difficult. When I discovered my mistake I picked up a bottle of each. This review is actually for the cheaper of the two. While it's not as good as the more expensive version, it's still quite a good wine.

It's a deep ruby wine, tending towards garnet. The aromas centre around the fruit, with black cherry, plum, and cassis, but are closely followed by cocoa, dried leaves, tobacco, and tar. Great complexity, and it does open up quite well, so decant for about an hour if you have the time.

The taste is mainly tart black cherry with a touch of plum. There's a nice level of tannins that are a touch young and might improve with a little ageing. The finish is medium tart cherry with the tannins showing nicely as well. Going from memory, the big difference between this and the more expensive version might be that this has a very slight touch of vegetal taste, but is missing a touch of mint in the aroma. Check back later when we try the upscale version.

We paired this with leftovers. Specifically, leftover roast beef done in a pressed panini, with a Jalapeno Jack cheese and "brocoslaw". It was a good pairing, but not exceptional. After dinner, we tried the remaining wine with some Costco chocolate truffles that had been hanging around since Christmas. Despite violating the general guideline that your wine should be sweeter than your dessert, the pairing was very good. The cocoa aspect of the wine matched the dusted cocoa of the truffles, and the acidity of the wine was a perfect offset to the fattiness of the truffle. I highly recommend it.