Posted on Leave a comment

KeePassXC, KeePass2Android & OTP

Originally published 2018-09-06, updated 2020-07-29

My beloved KeepassX has not seen a release since 2016, but a newer fork entitled KeePassXC has. The latest version looks very much the same when viewed from LMDE3 with a dark theme. The added functionality is quite nice: A TOTP Seed and Code Generator.

For native theme support (under Debian), do:

  • sudo apt install qt5ct
  • Restart/relogin
  • Set preferences under Menu > Preferences > Qt5 Preferences > Appearance: Style = gtk2, Standard dialogs = GTK2, Palette = Default

Update 2020-07-29: This is still a great app and I use it daily. One small problem that recently emerged is that the latest version of KeePassXC 2.6 (and 2.6.1) has an issue (#5095) with the search bar not being visible (or accessible to ctrl+f) when text is included next to or under icons.

OTP / TOTP Seed + Generator

OTP in software (a virtual device) is needed, and is the most convenient approach to having some kind of 2FA (two-factor authentication): not only a password but some other kind of evidence is required. Sometimes this key is tied to a device (as in the case of Google Authenticator). When not virtual, it is a dedicated hardware device (banks like to make you use their particular hardware device), though there can be multiple copies of the hardware device (as in multiple Yubikeys).

The problem with a single virtual device is the well-known issue of losing it (such as the phone the software is kept on). Backups can be made of seed codes (QR codes and/or the string they represent).
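As an added example (not code from the post, nor from KeePassXC or KeePass2Android), this is what a seed-plus-generator entry does: it parses the otpauth:// provisioning URI that a QR code encodes, keeps the base32 seed string as the backup, and derives the RFC 6238 code from it. The sample URI and its seed (the RFC 6238 test key) are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse


def parse_otpauth(uri: str) -> dict:
    """Split an otpauth://totp/... provisioning URI (what the QR code encodes)
    into the fields a password-manager entry keeps: label, secret, issuer, etc."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc.lower() != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = {k.lower(): v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("otpauth URI has no secret parameter")
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": q["secret"],
        "issuer": q.get("issuer"),
        "digits": int(q.get("digits", "6")),
        "period": int(q.get("period", "30")),
        "algorithm": q.get("algorithm", "SHA1").lower(),
    }


def totp(seed_b32: str, for_time: Optional[int] = None, digits: int = 6,
         period: int = 30, algorithm: str = "sha1") -> str:
    """RFC 6238 TOTP: HMAC of the time-step counter, dynamically truncated."""
    # Seeds are shown base32-encoded, case-insensitively, often grouped with
    # spaces and without '=' padding; normalise before decoding to key bytes.
    clean = seed_b32.replace(" ", "").upper()
    key = base64.b32decode(clean + "=" * (-len(clean) % 8))
    if for_time is None:
        for_time = int(time.time())
    counter = struct.pack(">Q", for_time // period)   # 8-byte big-endian step
    digest = hmac.new(key, counter, getattr(hashlib, algorithm)).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def code_for_entry(uri: str, at: Optional[int] = None) -> str:
    """Generate the code straight from a stored provisioning URI."""
    e = parse_otpauth(uri)
    return totp(e["secret"], at, e["digits"], e["period"], e["algorithm"])


# Constructed sample: the RFC 6238 test key ("12345678901234567890") in base32.
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

if __name__ == "__main__":
    entry = parse_otpauth(SAMPLE_URI)
    print(entry["label"], entry["issuer"])
    print("code at T=59:", totp(entry["secret"], 59))   # RFC 6238 vector: 287082
    print("code now:    ", code_for_entry(SAMPLE_URI))
```

Any two devices holding the same seed string (phone, desktop database, printed backup) produce the same codes, which is exactly why the seed backup must be protected as carefully as the password database.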

Authy Apps, Synchronization, and Cloud Backup

Authy is the best (and free) solution, though it does have a third party involved (namely their cloud backup/sync application). Other than that, it is a reasonable approach and beats out Google Authenticator, and the sheer add-once, access-across-multiple-apps convenience is definitely a modern desire.

That said, if it were possible to have seeds in a more generic encrypted database with access to generated codes, that would be better (especially if multi-device, cross-platform).

Well that is exactly what KeePassXC and KeePass2Android support. This was a revelation for me.

KeePassXC Desktop Application

KeePassXC is a fork of a fork, most recently to spur the development of what was KeePassX, which had very slow development and is now dormant. The ability to do OTP was originally a plugin for the original KeePass (which supports plugins). Now we have something with a built-in function, which also includes some enhancements from the older (and still serviceable) KeePassX, which unfortunately has 85 open pull requests on GitHub (come on, give someone else ownership of this project, already).

Keepass2Android Mobile Application

The most serviceable Android Keepass2 implementation is the aptly named Keepass2Android, which is actively developed and available through the Google Play store. It too has OTP functionality, elegantly implemented.

Linux distributions & desktops

The LMDE3 installation I had done 18 months ago was in need of a refresh. This was based on Debian 9, so I thought Debian 10 would be a good place to start. Unfortunately, the newest release breaks my laser printer, so I've looked at continuing with Debian 9 (aka oldstable) for the foreseeable future.

In the course of my efforts recently, I've tried:

  • Debian 10 (breaks printing)
  • Arch (couldn't install network drivers)
  • Manjaro (failed to load OS on boot)
  • CB++ (could not see network devices)
  • Debian 9 + LXDE (working)
  • Bunsenlabs Hydrogen (Debian 9) (initial install ok, just too bloated and complex)
  • Bullseye (Debian 11) Alpha 1 with LXDE (working nicely)

Bullseye has the advantage of being testing, which combines stability and new development. It is not clear to me how the process of going from testing to stable works in terms of the so-called freeze. The idea is to remain in testing indefinitely, however that is possible.

On distributions...

Once one realizes the way the distributions are made, it seems to me to come down to getting close to a major distribution, so that one has a lot of options on software to install. The main choices are: Debian, Fedora, Arch. Fedora has a bit fewer options, in terms of applications available, than Debian and Arch. Ubuntu is derivative of Debian, but its distribution cycle does have some advantages. However, for someone taking responsibility for which repositories to use and how to use them, it makes the most sense to stay close to the original source. Debian warns about mixing repositories and creating a franken-distribution, but if one sticks closely to stable-backports and extends based on limited application needs (especially those with few dependencies), then it should be possible to have a good experience.

There is a bit of work, because one does have to upgrade from one release to another, but it is not so bad because of backports and taking place every 2 years or so. In any case Debian seems to be the primary distribution source of import.

And desktops

When it comes to desktops, a minimal approach can be quite freeing. It seems that the newer, or ongoing, distributions have issues regarding maturity/stability and resource requirements. So, projects such as Gnome, Cinnamon and KDE are bloated and require a bit of resources, and projects such as XFCE and Mate are a bit frozen in their development (perhaps just a personal preference). The LXDE desktop is a bit of fresh air, since development has largely stopped. Openbox, the window manager for LXDE, is basically a finished product. This is the kind of platform one really needs, to stop somewhat needless development. (Though there is some development needed which is neglected, such as newer monitor connection support.)

Openbox and LXDE

Openbox and LXDE are a great learning tool when used together. In order to configure or make changes, one learns where various settings are, and what applications control what functions. For example, changing the default filemanager from pcmanfm to nemo one also learns (besides various gnome settings and a symlink) how to install and configure a wallpaper-setting application (hsetroot), as well as startup applications to run the wallpaper setup script on login.

Essentially, openbox and lxde were set up with simplicity and modularity in mind, unlike monolithic desktop environments. Even though these tools are a bit old and few resources are going into them, swapping out the various components is both possible and relatively straightforward. Along the way, one learns how the linux desktop works in a hands-on approach.

Crunchbang no more

Just as when the crunchbang project ended, the same can be said of crunchbang successors (cb++ and bunsenlabs) that these projects are not better than vanilla Debian (plus one's choices of desktop components). For this, openbox and lxde (and perhaps lxqt) live on as useful tools.

Onyx Boox Nova Pro

The Onyx Boox Nova Pro is a popular 7.8" eNote device with grayscale e-ink Carta screen, and a Wacom touchscreen layer, under mobius and glass. The hardware includes USB-C, an on/off/sleep button and a back button, along with bluetooth and wifi.

The main advantage, though still a bit incomplete, is the ability to read and write in e-ink. Reading is good support for ebooks and pdf, and writing is in an app as well as a scribble function and a side-note function. Scribble only works on pdf, while sidenote works on ebooks and pdfs.

Where to Purchase the Onyx Boox Nova Pro

It is a mistake to buy an Onyx Boox Nova Pro from anywhere but the Boox site, since support is not provided by Boox when bought through third parties. In addition, currently the Boox shop includes a set of accessories for the Nova Pro (including a cover) at no additional charge.

Reviews and their Limitations

Unfortunately every review we've seen is basically a reviewer checking off boxes rather than coming from actual use that is anywhere close to real use cases. Facts of this nature are only found on certain forums, if that. This is a challenge because the feature set is far from complete and recent updates (on the Onyx Boox enote devices) have made some changes to basic functionality (for good and ill).

Physical Specifications and Usability

A 7.8" device is compared with the original 6" paperwhite, which is our previous model that held up for 7 years of use. While some might compare with other premium ebook readers, that shows that the real difference is the Wacom layer and note-taking ability.

By comparing with the Paperwhite, it indicates what a difference a generation makes in terms of not only a screen, but the interaction functionality that is very different now (and we believe will be different again once voice recognition expands to reach the level of interactivity that e-ink + Wacom currently provides in the Nova Pro). Truly effective voice control (that is affordable) may reach devices at about the same time as truly effective and affordable color e-ink devices.

Compared with the 6" Paperwhite there is over 32% more screen available, not to mention the significant difference with the Nova Pro 300ppi display at 1872 x 1440 px.

The weight difference is 275g vs. 213g. Significant, but the flat aspect hides some of that weight. Dimensions are 196.3 × 137 × 7.7 mm vs. 169 × 117 × 9.1 mm. The Nova Pro is thinner, and about 3 cm taller and 2 cm wider.

Unfortunately the pen, which works fine, doesn't have a great feel (complete plastic) nor an elegant way to stay attached to the main device. Cues should be taken from Microsoft for what it has done with pen attachment (and pen technology in general).

Actual Usability

The heart of the matter comes down to a few issues with this device:

  • orientation / rotation, and
  • sidenote / scribble

When dealing in the real world, one has to take account of actual use cases. For example:

  • Reading a pdf, and marking up a page
  • Reading an ebook, and marking up a page
  • Reading a pdf, and adding notes to the document
  • Reading an ebook, and adding notes to the document

The care with which the user is able to perform these actions, with full expected functionality, falls short in several ways:

  • Ebooks cannot have markup on a given page
  • When in the sidenote functionality, the menu for the document is unavailable and a landscape orientation imposed (both with ebook and pdf)
    • This means in order to access any menu/functionality for the document, one has to exit out of sidenote first.
  • Sidenote for a pdf makes the document into a thumbnail on one side of the screen (essentially unusable) by zooming out, and pinch-and-zoom is not available.

Orientation / Rotation

Orientation cannot be set properly except in a few options, for example landscape for reading an ebook. However, some third-party orientation apps might work. We prefer Rotation Control Pro which runs $2.99 USD but is blissfully removed from advertising.

In general, this is not a problem in the sense that sidenote changes to landscape, if one is used to portrait. Landscape is useful when having two-column layout in being very reader-friendly. However, when reading PDFs the best thing is to have it be portrait and full-page sized. There are various settings available to get the pdf displayed as one prefers.

For viewing and annotating pdfs, the Nova Pro is quite good. PDFs do still appear a bit small, but they are legible, and a decent pair of reading glasses helps. One can definitely see how a 10.3" display will go the extra step toward making e-ink pdfs truly effective.

Sidenote Limitations

Sidenote is a landscape orientation with the ability to shift around orientation. The problem is that the only menu bar available is for the sidenote, and not the book itself. Sidenotes are affixed to the book rather than a page (unlike the scribble function available for the pdf viewer).

Note Limitations in General

There have been improvements for how notes are stored, synchronized, and accessed, however some basics are needed from a philosophic approach: Notes should be available

  • on pages they are made on,
  • in books they are made in, and
  • as collections themselves (metadata implicit and tagged).

This is really no different from how annotations work, in that they are tied to given pages or locations as well as books themselves.

In addition, some kind of OCR should also be available across all notes in their various locations.

Limitations on the Navigation Ball

The Navigation Ball is helpful functionality, but it is limited in what its five menu items can be. For example, home is not an available option, nor is the Library (though Notes are). Also missing is the simple ability to call up the top menu, which is available at home but not within any given document.

Menus Menus Menus

A huge amount of the trouble one currently encounters in the Nova Pro has to do with menus, when and how they are available (and how they are not). Basic navigation usability is really key and boy does it hurt when it isn't worked out well.

Copy and Paste across Apps

Copy and paste does work across apps, including the native local apps and Android apps. This is very useful in the use case where a chat app such as Telegram is used to store/send bits of copied text.

Synchronization with Syncthing

Syncthing android application works fine on the Boox Nova Pro.

Navigation Tips and Tricks

Registrars, DNS, VPS, Hosting

Simplicity is a wonderful thing. For the domain name game and hosting services, there are two kinds of simplicity:

  • A single, monolithic simplicity - aka all-in-one
  • A set of modular simplicities - aka best-of-breed

At this stage in web hosting, domain name registration, and DNS service offerings, the second form of simplicity is the preferred approach to dealing with domain registration, DNS service provision and hosting service providers.

Three Services - Three Service Providers

The current approach we take is to manage service providers at each level of service provision: domain registration, DNS services, and hosting providers. In addition to hosts (actually, unmanaged VPS or cloud services), there are application providers (SAAS/Cloud Apps), such as Google Apps for Domains (including the venerable Gmail/GoogleMail as well as their cloud/web-based office suite).

Domain Name Registration - Porkbun

  • They register and manage the domain nameserver pointers (NS records) that are registered with the 13 top level DNS servers
  • The customer indicates and can change which nameservers to use, based on who the preferred DNS service provider is
  • Cost is approximately $10-35/year/domain (depending on TLD), with per year or multi-year registration
  • Our preferred Domain Name Registrar is currently Porkbun, though I tend to change these every few years when service levels decline and prices increase.

DNS Service Provision - ClouDNS

  • They manage the servers and record entries which point to various services that are hosted at various addresses, including email, web, ftp, jabber, etc.
  • The customer can create and change all the various entries to point to different servers or service providers depending upon what application hosting services they have with service providers (email, web, etc.)
  • Costs should run about $5/month on average, for around 10-20 domains
  • Our preferred DNS service provider is ClouDNS, which is cheaper than DNSmadeEasy, has better management tools, and is nearly as fast (and has better customer support, the final deal-breaker with those folks). Previously it was DNSmadeEasy, which is $60 USD/year for 25 domains (even cheaper for 10 domains), and $1.95 per domain thereafter.

Application Hosting Service Providers - AWS, Github, Netlify

  • They manage one or more of the servers which offer particular services, and provide client management interfaces
  • At this level, each application can be considered a unique offering which then uses the best-of-breed approach at a finer level, which enables the use of individual service providers for each service needed, such as email, web, application development, etc.
  • The customer then can individually manage the configuration and content delivered by each given application
  • Cost is from $0 to $200/year depending on service.
  • Our preferred email, chat and cloud-based document sharing and collaboration service provider is a roll-your-own system based on Syncthing and various AWS services (s3, lightsail, ses).
  • AWS is our current Unmanaged VPS of choice, especially Lightsail.
  • Some parts of Github are good for hosting, especially git.
  • There are some specialty providers for things like react apps and the like, including Netlify.

Syncthing <= Dropbox & GDrive

Syncthing

Google Drive (GDrive) and other cloud storage alternatives such as Dropbox and Microsoft OneDrive all have the serious drawback of keeping one's information in a third-party cloud repository. Privacy and security are generally compromised this way, even when paying for storage (as opposed to having an advertising model, which is worse in many ways).

Pandoc, Markdown, XeLaTeX, EPUB

EPUB documents are essentially a kind of html document as a collection of files which are zipped, and include html, css, images, and some XML pages. There are several ways of organizing these, but the most straightforward is one html document for each chapter (or section), a set of images organized in a subfolder, and a few metadata files regarding the collection. An epub document can be even simpler, and consist of a single html file, no images, and a few metadata files.

Image / Scaling / Compression

Size matters, and the smaller the better, when it comes to generation, modification, transmission, and storage of information. The vast amount of unoptimized documents and images on my very own local storage, much less what we send and receive all the time, is astounding. The idea that we need 100 GB or 1 TB of storage (thank you Dropbox, not) is sheer waste and sloth. I've addressed these issues a bit in the past, but it is time to take a bigger-picture approach.

Note that this refers not only to images but essentially collections of images, namely pdf documents and video.

DNS Records and Services

First, there are two kinds of DNS records: those for client lookup, and those for a server.

Client Lookup - DNS Resolvers

I don't trust Google DNS, though for a while it was the go-to DNS, and easy to remember at 4.4.8.8 8.8.4.4 and 8.8.8.8.

For privacy, for me, there are two options, with the first being just better:

If one wants some security (as a service), then Quad9 is worth a look.

It is possible to run one's own resolver, though it takes a bit of configuring and resolvers are seen as an attack vector for various bad actors.

DNS Services

There are several DNS services to choose from. Dyn and related companies are the worst. Free DNS services such as afraid.org and he.net are unreliable, or simply not reliably fast. It makes the most sense to go with a top-rated DNS service (highly available and fast resolve times), and pay for this service (though less is more when it comes to expenses).

As with resolvers, basic DNS services can be run on one's own server, not including the Registrar functionality of placing the nameservers in the root domain servers of the Internet. Again, it takes a bit of configuring so that one has functionality, privacy, security, and is not seen as a target.

DNS Records

NS Records

There are several records to worry about. The first are nameservers, which are put into the registrar database. This can be as few as two or as many as six (possibly more).

A Records

Depending on the DNS Server, these can have wildcards or not. Generally there are at least three A records to have:

  • Root domain
  • www subdomain
  • * wildcard

For certain services, it is required to have a www. subdomain, and people also mistype this, so it is best to have it as a domain, to have it on the SSL certificate, and to have a redirect from www. to the root domain.

CNAME Records

Usually only Bing Webmaster Tools requires a CNAME record. Otherwise these are generally worthless.

MX Records

These are for the mail server. Usually a few are needed: one primary plus two backups. GSuite has five records, but that is overkill; the top three make the most sense. There are also priority numbers, e.g., 1, 5, 10, to govern the round-robin-style resolving.

  • 1, aspmx.l.google.com.
  • 5, alt1.aspmx.l.google.com.
  • 5, alt2.aspmx.l.google.com.

TXT Records

TXT records are the go-to place for every third party to put their info. Several examples of TXT records include:

  • Yandex Webmaster Tools validation
  • Google Webmaster Tools/Analytics/GSuite/etc. validation
  • _acme-challenge records for DNS-based validation for Let's Encrypt

PTR Records

PTR records are essentially the reverse, so that an IP address is associated with a host.domain.tld. This is key for sending email.

DKIM, SPF, DMARC

These are all records for email security, at various levels. DKIM and DMARC are TXT records, and SPF can be TXT or specific SPF records, depending on the DNS service provider.

SPF Records

SPF looks like:

host.domain.com / "v=spf1 include:_spf.google.com ~all"

SPF records are one of the earliest and easiest email security records to set up, and specifically state which hosts can send email for the domain.

CAA Records

These records tell SSL certificate providers (CAs) which of them may issue a cert for the domain. Each host needs two records:

  • Name (host), Type: iodef, Value: "mailto:address@domain.com"
  • Name (host), Type: issue, Value: "letsencrypt.org"
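The record checklist above (A for root, www and wildcard; MX with a primary and backups; a single SPF record ending in ~all or -all; CAA issue plus iodef), written as an added offline Python check that is not from the post or any DNS provider. The example.com records are constructed; the check runs over a record list rather than a live query, so it can be pointed at an export from any provider.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Record:
    name: str      # owner name, e.g. "example.com" or "www.example.com"
    rtype: str     # A, MX, TXT, SPF or CAA
    value: str     # RDATA in presentation form (CAA: 'flags tag "value"')
    prio: int = 0  # MX preference; unused for other types


# Constructed sample record set for example.com (not a real zone).
GOOD_ZONE = [
    Record("example.com", "A", "192.0.2.10"),
    Record("www.example.com", "A", "192.0.2.10"),
    Record("*.example.com", "A", "192.0.2.10"),
    Record("example.com", "MX", "aspmx.l.google.com.", 1),
    Record("example.com", "MX", "alt1.aspmx.l.google.com.", 5),
    Record("example.com", "MX", "alt2.aspmx.l.google.com.", 5),
    Record("example.com", "TXT", "v=spf1 include:_spf.google.com ~all"),
    Record("example.com", "CAA", '0 issue "letsencrypt.org"'),
    Record("example.com", "CAA", '0 iodef "mailto:hostmaster@example.com"'),
]


def check_zone(records: List[Record], domain: str) -> List[str]:
    """Return findings for a domain's records; an empty list means all checks pass."""
    findings: List[str] = []
    # A records: root, www and the wildcard
    a_names = {r.name for r in records if r.rtype == "A"}
    for want in (domain, f"www.{domain}", f"*.{domain}"):
        if want not in a_names:
            findings.append(f"missing A record for {want}")
    # MX: a primary plus backups, ordered by preference
    mx = [r for r in records if r.rtype == "MX" and r.name == domain]
    if len(mx) < 2:
        findings.append("fewer than two MX records (no backup mail host)")
    elif len({r.prio for r in mx}) < 2:
        findings.append("all MX records share one preference; no primary/backup order")
    # SPF: exactly one v=spf1 record (two is a permerror), ending in ~all or -all
    spf = [r for r in records if r.name == domain and r.rtype in ("TXT", "SPF")
           and r.value.startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    elif spf[0].value.split()[-1] not in ("~all", "-all"):
        findings.append("SPF record does not end with ~all or -all")
    # CAA: an issue tag naming the permitted CA and an iodef reporting contact
    caa: Dict[str, str] = {}
    for r in records:
        if r.rtype == "CAA" and r.name == domain:
            _flags, tag, val = r.value.split(maxsplit=2)
            caa[tag.lower()] = val.strip('"')
    if "issue" not in caa:
        findings.append("no CAA issue record; any CA may issue for this name")
    if "iodef" not in caa:
        findings.append("no CAA iodef record; CAs have no address to report to")
    return findings


if __name__ == "__main__":
    for finding in check_zone(GOOD_ZONE, "example.com") or ["all checks passed"]:
        print(finding)
```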

Open Source Cloud

The day has come when I have confidence it is possible to move off of all third party clouds, with the only exception being social media and social network sites. That is, the wonderful world of email, file sharing and synchronization, and even online document collaboration, can all be supported independent of third party services.

Desktop Applications - Open Source Replacements

Around 2005 I decided to move off of all possible proprietary third-party applications. This has been largely successful, though there are a few smaller tools I do pay for. In those days the two monsters were (and still are) Microsoft and Adobe.

There are many additional tools which have been overcome by their Open Source rivals, especially with the trend toward lightweight.

Cloud Applications - Open Source Replacements

In terms of the cloud, the heavyweights are Google Docs/Google Drive and Dropbox. Of course there are other tools out there which are equivalent (essentially, web-based document editing/sharing and file synchronization and sharing tools). And not to forget, the venerable mail and calendar tools.

So what we need are:

  • An email, calendar, contacts application with webmail functionality (and underlying email transport) -- iRedmail has become an attractive platform since it integrates other well-known tools.
  • For file synchronization, Syncthing works well.

For some kind of shared document collaboration in the cloud, there are options but the big problem comes down to security/privacy (for third-party services) and functionality/maintenance (for self-hosted solutions).

For third parties there is Cryptpad, and self-hosted versions are available from the Cryptpad GitHub repository.

How to Ditch Google Email

This is really about how to get off of Gmail/Google Email for Domains/GSuite. It is not difficult to get off of Google Drive and Google Photos, as well as Google Docs and Google Sheets, and the like. But there are certain advantages of Gmail/Google Mail, and the free version of GSuite, which I've been using for ten years or so.