This document updates RFC6761 by requiring that the domain
"localhost." and any names falling within ".localhost." resolve to
loopback addresses. This would allow other specifications to join
regular users in drawing the common-sense conclusions that
"localhost" means "localhost", and doesn't resolve to somewhere else
on the network.
Woke up Sunday to find, the latest Windows 10 update to Jill’s computer broke the network drivers. After multiple increasingly long-shot attempts to get a network connection working again, we decided to dump Windows and install Linux.
Installing Ubuntu 16.04 LTS was fairly straightforward. It was made even quicker by the fact that under Windows, the \Users\ directory was already on a separate physical volume from the OS. That way, the data was all passing through this process untouched. Setting up the browser was also easy, thanks to the cross-instance Chrome synchronization. To reconnect the data, I just deleted the empty Documents, Pictures, Music and Videos directories from the /home/jill directory. Then I replaced them with symlinks to the corresponding directories under /Users/jill on the larger volume.
The final basic set-up task was email. Since Jill had been using Outlook, this promised to be the most involved and fiddly task. The goal was to replicate as much of the Outlook user experience as possible on a Linux client machine. That is to say, simply switching to web mail was not considered.
The two client programs with the broadest feature set to pull this off are, Evolution and Thunderbird. My own recent experience with Evolution is decidedly negative, but mostly not for reasons related to how Jill will use her email client. In any case, I decided that Thunderbird was the first choice. (Not just my first choice, either: this review, like a number of others, has Thunderbird and Evolution ranked 1-2.) So, if Thunderbird is ultimately not to Jill’s liking, Evolution is on deck.
The task before me now was, migrate all the existing email and contact info into Thunderbird from Outlook. Naturally, extracting user data from a proprietary format (.PST) is quite an obstacle course. Here’s the navigation I worked out:
First step was to run readpst against the .PST file. That nicely extracted all the folders in their hierarchy, and dropped a single RFC 4155 MBOX file into each folder with that folder’s messages.
It would have been nice to have a tool that would walk the entire folder hierarchy and replicate it in Thunderbird’s Local Folders store with the messages pulled into each. Alas, this is not quite fully realized anywhere that I could find. But I did find the components of what I wanted to do in the Import/Export Tools add-on. In the first step, it faithfully recreated the entire folder hierarchy, albeit empty.
In the next step, I had to import each MBOX into its folder. To give me just one extra annoying task to do, instead of importing the messages into the target folder, it created a new subfolder called “mbox” and put the messages there. I had to move the messages to the parent folder and delete the “mbox” subfolder. Attempts to accept Import/Export Tools’ offer to import the entire hierarchy of email folders resulted in 40+ folders named “mboxNNNN” in a single Thunderbird folder, with only the content of the messages to determine where they actually belonged. Not really workable.
The last task was importing the contacts. While readpst had emitted a lovely VCF file with all the contacts in it, for no obvious reason that file was named, simply, “contacts.” I had to add a .vcf extension for the Import function of Thunderbird’s Address Book to recognize it.
Well, this is done. I now understand why there is a market for commercial products that do this: it’s one thing to do for a single user, but I would probably lose my mind if I had to do it for 20. Let alone, 20,000!
This is one of the finer examples of what is known in some circles of the internet as Cable Porn.
This artistry that some sysadmins take the trouble to create has a practical purpose. All those delightful colors are probably a way of classifying the cables at a high level. For example, cables to different floors or parts of the building, or different parts of the data center, might be all of a certain color for each. And of course, such an immensely orderly arrangement of cabling like this is a heck of a lot easier to troubleshoot, maintain or extend than something like:
The first image is from /r/cableporn/, and the second from /r/cablegore/. Is it true that for every subreddit, there is an equal and opposite subreddit?
The EFF is on a campaign to get everyone to use better passphrases. The best passphrases are unique for every site and unguessable, because they look like this:
Ideally, we’d all enroll in something like LastPass or 1Password, or we would start using KeePass or similar. Then we’d all have a different passphrase, on the model you see above, one for every site. All brute-force and rainbow-table attacks would be useless. But we know, for a lot of people, it’s a big adjustment to make.
A simpler approach than converting all logins to the use of a password manager is, making it a practice to build strong memorable passphrases out of a handful of common words. This was made famous by an xkcd cartoon:
So famous, in fact, that if you try to register “CorrectHorseBatteryStaple” as a new password on DropBox, you will get an error message telling you not to get your passphrases from webcomics.
The EFF Dice campaign advocates this type of strategy, using actual physical dice and a selection of word lists you can take as the source. You look up the dice rolls in those lists to select the component words. The advantage of physical dice and manual lookup is, you are protected in case the computer where you select the passphrase has already been compromised.
But I have some questions for those who insist on this level of isolation for the selection process of a new passphrase:
If my computer is compromised and I know it, I’m not going to engage in setting a sensitive passphrase from it anyway. So I can generate a passphrase using offline methods but I still need to get to a clean machine to install it.
If my computer is compromised but I don’t know it, I’m going to install the new passphrase from it. Then I’m pwned, anyway. So I lose nothing by generating the passphrase on it as well. (I suppose if I am going to generate a passphrase from one machine and install it on another, I’m doubling the risk of being pwned if either machine is compromised.)
If my computer is clean, using it to generate and install the passphrase is a negligible incremental risk from just using it to install the passphrase.
I get that the EFF is making an important point about randomness and about taking care of the entire chain of custody for high-stakes passphrases and keys. I love the EFF, and I sent them a few bucks to support this campaign, and I got a cute T-shirt and set of dice in return. But just for the convenience, I make my passphrases on a computer that I reasonably believe to be clean.
A while back, I scraped several overlapping online lists of the body of words known as SOWPODS, and put it in the back end of a simple spreadsheet tool that I share with you below. Look at the grid that comes up and mentally select at least four words. If you don’t like the 25 you have to choose from at first, refresh for 25 more.
Finally: these multi-word passphrases are a great improvement over “Tr0ub4dor&3”. But are you really going to memorize 100 of them? Or even 25? No you most certainly are not.
So go get a f*ing password manager and then make yourself a good six-word passphrase! Let THAT be the only passphrase you have to remember, forever more!
As I wrote here, I use an ad-blocker. My reasons for doing so stay the same. I cannot hear the plaintive cries of the sites whose revenue will suffer if I don’t see all their ads, especially not over the shrieks of the malware they propagate.