RTeicheira


Ender’s Game Movie

endersgameFinally watched Ender’s Game. Definitely a few liberties, but I think it stuck to the heart of the story fairly well. Was not a bad adaptation.

With that said though, I kind of wish they had shown a few more of the battles (or at least how often they came to Dragon Army) and more of Bean. Not to mention I would have loved to see Dragon Army go from “we are screwed” to “we can do anything” mentality that is in the book and how they moved from hating their assignment to “worshiping” Ender.

Was also hoping for some more Bean story, considering it is supposed to be a movie that is a collaboration between both Ender’s Game and Ender’s Shadow (the Bean story that takes place concurrently to Ender’s Game).

And to much between Petra and Ender. There wasn’t that much in the books. More happened between Bean and Petra.

I’ll give it a 7.5 out of 10.


Time to Kill Passwords

Disclaimer – I do not work for nor am I being paid to write this article by either LastPass or Yubico or any other party.

Passwords

Image Source: pcmag.com

Over the last month there have been a dozen different security breaches:

And all of these just from December 2013 through January 2014. Admittedly the CNN and Microsoft breaches were not a release of data, but shows that hackers (in these two cases it looks like it was the SEA or Syrian Electronic Army) are active and using whatever they can to either get your information or spread their message across. Furthermore, using compromised accounts do not seem to be the root of the Target, Nemian Marcus, Michaels, or White Lodging attacks, but a sophisticated malware that was introduced in the Point-of-Sale (POS) systems. The Yahoo attack was simple: get people’s account credentials.

What the Microsoft, CNN and Yahoo attacks have in common though, are either getting account information and/or using compromised accounts for malicious intent. We may not be able to easily fight credit card theft without a huge overhaul to all our POS systems, but as individuals we do have control of our web accounts and being able to use a form of two-factor authentication to keep ourselves safe.

In my article I am going to be speaking specifically around YubiKey by Yubico and LastPass. Why? These are the products I currently use, have had no issues and love the easy integration between them.

Password Managers

There are a few dozen different password managers in the world. All have different kinds of features. Most have some kind of plugin that can tie into your favorite web browser. Some have a nice web interface while others have a desktop application. It all depends on what you are really looking for and wanting. For a good article on the different password managers out there, go over to PCMag and read their “The Best Password Managers” article.

LastPass

LastPassI’ve been using LastPass for over a year now. It stores/creates all my passwords now days and it can do so much more. It can also securely store credit card information, documents, audit yourself and more. Currently I am using it primarily to store my passwords, while having access to them at work or at the local bar using the mobile app.

Besides storing and importing all your current passwords, it is streamlined enough to tell you if you are using that same password with another site (which is a big no-no) as well as an easy to use password generator to help update all those annoying passwords. You can also setup “equivalent domains” for those sites that use the same login credentials but have different URLs (example: amazon.com & audible.com).

You are probably saying right now: “this is all good, but I still need to have a username and password to login to LastPass”. Correct, and it will be the only password you ever have to know. It is a lot easier to remember one long complicated password than to remember “which complicated password do I use with Wells Fargo vs Chase?”. My current password is over 20 characters long, using special characters, numbers, lower and uppercase letters.

LastPass does have a few issues I have found. Integration with IE doesn’t seem to be the best in the world, some websites it cannot determine the username and password boxes and by default they do not have two-factor authentication enabled. For the last point, there are a number of ways to enable two-factor authentication, including a one time password (OTP) by LastPass and various third-party tools.

Conclusion: no matter what password manager you choose, just do it. You only need to know one password and no matter if Yahoo or someone else gets hacked, only THAT account is compromised. They will not be able to get into your Facebook or Twitter accounts. Plus using a password manager lets you have complicated random passwords which cannot be easily brute-forced.

Two-Factor Authentication

There are many options in this area. Google uses their Google Authenticator, Facebook and Twitter can send a one time use code to your phone when you try and login from an unrecognized device. In the corporate environment companies use a special smart card/badge, security token or biometrics. Whenever possible you should use two-factor. More and more sites are rolling this out, so opt-in ASAP!

YubiKey-NEO-on-SmartPhone

Image Source: yubico.com

LastPass can tie into the following methods:

* Indicate built-in LastPass options

YubiKey by Yubico

Yubico-Trust-the-Net-Logo-SmallYubico has a number of options. The one I have is the YubiKey Neo (pictured above). The reason I got this one is has all the standard features, but also has the NFC option. This option is useful if you have an NFC enabled Smartphone, you have LastPass configured to use YubiKey and you want to access your passwords while on the go and are not near a computer.

Yubico has a decent software suite that will let you program your YubiKey for other activities, including enabling two-factor authentication in Windows.

Overall Conclusion

With LastPass and YubiKey together you have a secure place to store random passwords, having different passwords on every site, including adding a little extra protection to your LastPass account. The two working together is incredibly simple. Sign Up with Lastpass, purchase a YubiKey, configure LastPass with a strong password and to use YubiKey as two-factor authentication. After that, everytime you try and log into your LastPass vault it will ask you for your username, password. After you click login, plugin your YubiKey to a spare USB port and tab the little button to send a onetime code to LastPass that will let you finish logging in.

So get out there, get a password manager and keep your passwords secure.


Back into Audio Books

audible logoSo, after getting out of reading (and not even listening to books in a few years, I finally broke down and loaded up the Ender’s Game audio book to listen while sitting in traffic. I forgot how nice it is to listen to when sitting in traffic. Makes commuting so much better with 90% less suck (especially if you enjoy the book).

There were a couple of reasons why Ender’s Game. 1) Wanted to hear it again before seeing the movie (even though Orson Scott Card has rewritten the last chapter since my version of the audio book was recorded). 2) I enjoyed it a lot the first time I heard it. 3) Orson Scott Card is a play-write author. What I mean is that when he writes he writes so that his stories are told not read. He has said during an interview that he loves when he hears “I remember when my mom/dad read Ender’s Game to me”. He also used a dozen other examples and reasons as to why he likes having his stories told and not read. So, in remembrance of this last bullet I listened to it again.

If you have never read/heard Ender’s Game, know one thing; you immediately need to start reading the next book (Speaker For The Dead), followed by the next (Xenocide), etc.

Soapbox: follow Orson Scott Card’s reasoning and listen to his books. I have partially read Ender’s Game (actual reading, not listening) and found the presentation MUCH better when listening to it. There is something about his way of writing that makes his stories better told vs. read.

To help get my crave of space adventure, while idling in traffic, and for better sound (shhh, I previously downloaded all these books….) I broke down and joined audible with their 30-day free trial. Signing up was easy, and getting my free book was just as easy. Quickly downloaded the app to my phone and downloaded the book. You can even download these audio books to your any of your Kindles and it uses whisper sync to sync your location across all devices (huge plus!),

The app itself is nice and simple and reminds me a little of the Amazon Kindle app (as it should!). You can easily get to whatever chapter you need to, backup, pause, all the normal stuff.

If you are a big book reader, but just cannot find the time, I have to say, GET AUDIBLE! I have been listening to books driving, walking and when doing some light work at work. I upgraded one level on my subscription, so I pay $23/month. With this subscription I get two book credits each both to download books. So doing the math, each audio book comes out to $11.50 which is about a $9 savings when you look at the full price of the audio book.

It may just save your sanity when you are stuck in traffic at 5pm on a Friday afternoon.

Hmmm… I seem to have rambled… all well.


Correct Database Issue #144 – Corrupted Table

I came across an interesting problem recently where one of my MySQL tables became corrupted and the automated repair feature was not able to fix it. It was a non-critical table so the website still mostly functioned, but it did limit some functionality. I had a backup, but it was a few days old and I had just recently made a lot of changes that impacted that particular table. So after searching for a hour I was finally able to find the issue and resolve it without needing root access to the server (which I don’t have).

Note: there are a number of reasons a MySQL table can become corrupted and I have not yet diagnosed what caused the issue for me. It could be anything from a hard disk failure to a software issue.

Background

  • I host everything with bluehost.com
  • I have shell access, but do not have root access – IMPORTANT
  • I have full access to phpMyAdmin and the MySQL Databases

The Error

Here is the error I was seeing in phpMyAdmin (sanitized of course)

#144 - Table './<database>/<tablename>' is marked as crashed and last (automatic?) repair failed

Nice cryptic error.

The Resolution

I logged into the shell interface using putty and logged into the database:

$ mysql -u <username> -p

Replace <username> with your database username. After pressing enter it will prompt you for your password.  After logging into MySQL we need to select the database that contains the corrupted table:

mysql> use <database>

Again, replace <database> with the name of the database.  You should see a confirmation message of “Database changed”.  Now let’s check the table that is causing the issue:

mysql> check table <tablename>;

As before, replace <tablename> with the name of the suspected table.  You should get output similar to:

+--------------------------------------+-------+----------+---------------------------------------------------+
| Table                                | Op    | Msg_type | Msg_text                                          |
+--------------------------------------+-------+----------+---------------------------------------------------+
| database.tablename                   | check | warning  | Table is marked as crashed and last repair failed |
| database.tablename                   | check | warning  | Size of datafile is: 20652 Should be: 19564       |
| database.tablename                   | check | error    | Key in wrong position at page 14336               |
| database.tablename                   | check | error    | Corrupt                                           |
+--------------------------------------+-------+----------+---------------------------------------------------+
4 rows in set (0.02 sec)

This is definitely the problem table. Now to run the command repair command:

mysql> repair table <tablename>;

You should get output similar to:

+--------------------------------------+--------+----------+----------------------------------------------------+
| Table                                | Op     | Msg_type | Msg_text                                           |
+--------------------------------------+--------+----------+----------------------------------------------------+
| database.tablename                   | repair | info     | Delete link points outside datafile at 18580       |
| database.tablename                   | repair | info     | Found block that points outside data file at 18908 |
| database.tablename                   | repair | info     | Found block that points outside data file at 18924 |
| database.tablename                   | repair | info     | Found block that points outside data file at 19064 |
| database.tablename                   | repair | info     | Delete link points outside datafile at 20152       |
| database.tablename                   | repair | status   | OK                                                 |
+--------------------------------------+--------+----------+----------------------------------------------------+
6 rows in set (0.00 sec)

Looks like everything is resolved, but run the check command again to verify. You should get something similar to:

+--------------------------------------+-------+----------+----------+
| Table                                | Op    | Msg_type | Msg_text |
+--------------------------------------+-------+----------+----------+
| database.tablename                   | check | status   | OK       |
+--------------------------------------+-------+----------+----------+
1 row in set (0.01 sec)

And that is it. I logged back into phpMyAdmin and everything seems to be working like a charm. All-in-all a scary error that was easy to fix.