A safe place for passwords?

January 14th, 2012 No Comments »

Do you have hundreds of logon credentials for various web sites, computer systems, banking systems? Do you have trouble remembering all of your passwords or even the usernames associated with them? I certainly do and I needed a solution. I could always write them down in a notebook and store that safely, but what if I lost the notebook or someone stole it? It’s also not convenient to carry that around with me wherever I went not to mention the increase in the probability that I’d lose it. I could use a spreadsheet? Nah, not even a password protected spreadsheet is a good idea because they are so easy to crack. So I decided to use a piece of software known as a password safe. Password safes are applications which are specifically designed to securely store your credentials in a encrypted file. I chose an application called KeePass, specifically KeePass Professional Edition (v2.17 at time of writing).

I chose KeePass for a number of reasons. Firstly, it is open source, meaning that the source code for the application is available for anyone to look at. This has a number of advantages, the main one being that it increases the trustworthiness of the application. If everyone can see the source code, then it’s unlikely that the application will start sending your usernames and passwords to unscrupulous scammers without your knowledge because someone would have probably spotted that by now! The second advantage of using a popular open source program such as this concerns the re-use of the code – the basic file format and application operation can be inspected and ported to other platforms such as mobile phones, which is where the latter part of this blog post will concentrate.

KeePass ProfessionalMy other big reason for using KeePass was the simplicity in which it operates. You create a password database on your file system (Documents library, etc), protect that file itself with a Master Password – yes you’ll still need to remember ONE password to unlock all of your other ones, and start creating new passwords. You can organise them in a folder structure, categorise them with different icons, and even store additional information such as the web site it’s associated with or notes and file attachments. KeePass even has its own built-in recycle bin to prevent accidental deletions of important credentials. All of these details are encrypted by default with an AES 256-bit cipher, currently one of the strongest commercial grade algorithms out there. Did I mention it is FREE?

 

If you want to get really geeky, then you can also protect your password database using a certificate (.key file). Only when both the key file AND your password are combined can you unlock your database.

If you want to get really, really geeky then read on, because I’m about to tell you how I have my password database set up. Obviously I’m going to be leaving certain details out for security reasons, but this story is about how I’ve managed to synchronise my password database with my mobile phone – two way over-the-air synchronisation.

You’ll be aware that my smartphone of choice is Windows Phone 7, and it just so happens that there is a KeePass port on that platform. 7Pass is an amazing little app, available with full functionality for free, or 79p if you’d like to help support the developer, in the Windows Phone Marketplace. It supports a protocol known as WebDAV. WebDAV is a little-used feature of many web servers which enabled them to act as a file server over HTTP/HTTPS – you can browse the contents of a WebDAV enabled web server as if they were a mapped network drive.

KeePass Implementation

My configuration is best expressed in diagram form I think, so I’ve drawn up the diagram you see above. My PCs all run the standard desktop version of KeePass Professional. They all point to the password database stored on an ordinary Windows-based network share located on my Home Server. Now all of my computers can access the same database wherever they are. To add to that, my laptops run Offline Folders which mean that even when I’m away from home I still have access to the database which is automatically synchronised when I return.

Now for the tricky bit, my Windows Home Server runs IIS by default in order to provide the remote access features of that operating system. I created a new virtual folder in IIS, pointing at the folder hosting the password database. I configured WebDAV globally in IIS and specifically targetted the new virtual folder. At this point, it’s a good idea to make sure that WebDAV is working – to do this you simply map a new network drive in Windows Explorer to the URL of the WebDAV folder you are trying to access. Make sure it’s protected by a username and password (I’m using plaintext authentication for compatibility reasons, but utilising windows security), and that you are using the SSL (https) URL for basic encryption. If that works, you’re ready for the next stage.

Because my server is already accessible via the Internet, my WebDAV share is also accessible with no additional effort. I installed 7Pass on my mobile, and set it to open a new password database located on a WebDAV share. I gave it the location of the WebDAV folder I created previously (the folder, NOT the file itself), and the app then allowed me to select the database file from the list of available files. That was it! All I needed to do was enter my password safe password to unlock it and all of my credentials are there for the viewing wherever I go. Because it is located on a WebDAV server, 7Pass is able to upload anything you add on your mobile to the master database on the server.

If, unlike me, you don’t have the infrastructure to do this, you can still happily use KeePass on your Windows PC, Mac, or Linux PC. There’s also mobile versions for the iPhone, iPad, BlackBerry, old style Windows Mobile, Android, PalmOS and even ye very olde Java based mobile phones.


Windows Phone 7 Apps

July 3rd, 2011 4 Comments »

One of my readers commented on this blog with a very valid point regarding the Windows Phone 7 marketplace – the “App Store” as it were for Windows Phone 7. I’m paraphrasing here, but in essence it is very difficult to find anything in it. I’m no user interface expert myself as you can tell by this blog layout, but I know when content is tricky to find. This article, therefore, lists the apps that I am currently using in the hope that any randoms who land on this page may find it useful. It must be noted that on principal I have yet to furnish my Zune account with a credit card number, so all of the following apps are either free or running in trial mode.

Adobe Reader
If someone emails you a .pdf file, you’ll need this to read it. Simples. I tend not to open it directly, it launches automatically when I tap a pdf attachment which is exactly what I want it to do. The usual pinch to zoom and rotate for landscape controls work – this app is nothing fancy, just very useful.

Amazon Kindle
Yeah, reading a book on a small screen is not ideal. So far I’ve just downloaded a few chapter trial reads and discovered that it wasn’t that tricky to read to be honest. I’m actually considering purchasing my next read in Kindle format to give it a real test. Sadly though most classics are labelled as ‘Not available for purchase in your country’ which sucks big time.

Dilbert Hub
Dilbert, the hero of every IT, engineering and technology office in the world has his own app. It delivers a daily Dilbert cartoon to the front page of the app as well as giving access to the FULL archive of Dilbert cartoons going right back to the beginning. I’ll let you work that date out for yourselves, I’ve tested it and they’re all there!

eBay
If you use eBay then you’ll need this app. It really utilises the whole WP7 active tile idea to the full. The main “my eBay” page gives you four tiles listing your watching, selling, buying and messages summaries. You can slide across to saved and recent searches or view your reminders. Personally, I disable the reminder warning which will alert you, regardless of whether the app is running, when an item you are watching / bidding on / selling is nearing the end or has been outbid. For keeping your eye on auctions it is great, bidding, buying, searching is also pretty good. You still need your PC if you want to sell things properly but for most things it is great.

Facebook
I’ve installed this app, but honestly don’t really use it. The Facebook integration with Windows Phone 7 is so good that this app is mostly superfluous. The main advantages it does have though are the events lists and access to your Facebook account settings. I have this installed more as a “just in case”.

Freda
An ebook reader which supports epub files. So far it seems the best of the bunch.

gMaps
Let’s be honest, the built in Maps application is pants at the moment. Basic directions and GPS location on Bing maps is all you get. gMaps gives you more or less the same functionality, but with Google Maps instead. Personally, I’m hoping for great things in the Mango update because all the mapping options at the moment suck.

Tesco Groceries
Do you shop at Tesco online? Well you need this in your life. It’s surprisingly easy to book a delivery slot and browse through the list of products to create your shopping basket. Tiles hold the categories of products and the interface is so clean and nicely laid out that shopping is a pleasure.

HTC YouTube
Much better than the official Microsoft YouTube app which just opens Internet Explorer on the mobile YouTube website, this HTC app is an actual YouTube app allowing searching and playing of content. You can choose the playback quality which is important for keeping within your download allowance.

Lottery Results
Displays the lottery results for the country of your choice. Very simple but a badly designed interface. It works though and that’s the important thing.

Turn by Turn Navigation
This isn’t a free app, but the trial allows you to navigate journeys up to 12 miles. It’s pretty much the only choice for turn by turn navigation on WP7 at the moment and it’s not brilliant. Only in the last couple of weeks has it given you the option to download maps offline. When I first tested it here in the depths of Wales, as soon as I went off route it failed due to lack of mobile phone signal.

Pic2shop
Wondering if that shiny new gadget on the shelves of Currys is cheaper online? Scan the barcode using your phone’s camera and this app will go online and check prices at a variety of popular retailers. It works reasonably well most of the time.

QuickMark
Have you seen those strange black and white square patterns on marketing posters? Scan them with this app and your phone will usually send you to a web page to give you more information. These QR marks as they are known are becoming ever more common, especially at exhibitions, so it is quite handy to have a scanner like this to keep a record of things you are interested in as you walk around.

Solitaire
This version of Solitaire by Jakepoz is the best I’ve found on the Marketplace. It supports 3-card and 1-card draw as well as Vegas scoring if you’re in to that sort of thing.

TopCashBack
What??? You don’t have a TopCashBack account yet? Click here to get yourself one straight away. You get cash back on most purchases you make online, and even quite a few reserve-to-collect-at-store purchases. If you don’t have a TopCashBack account, you are throwing money down the toilet.

Online Cashback


Twitter
The official Twitter app is very handy, but will probably be pointless once the Mango update arrives with its alleged built-in Twitter support. Still, at the moment you need a separate app and this is as good as any other despite what all the other apps claim.

Wikipedia
The official Wikipedia app is great. Fast searches to wiki pages make for a very quick and simple lookup to prove your friends/spouse/siblings wrong as soon as possible after the inevitable disagreement.

WordPress
A very simple app which links to your WordPress blog and enables basic comment approvals, post writing etc.. There’s no way you could type an article like this on there, but it does let me post my drafts and approve comments on the go.

Coming soon… The “My Home Server” app links your phone to your Windows Home Server 2011 machine. I’m currently beta-testing the product and quite like it. I’ll do a full review once it is properly released but so far the highlights include a live tile displaying a server drive space pie chart and alert notifications, and my favourite thing of all – a ‘send to home server’ option for photos.

APC Back-UPS ES 700

May 8th, 2011 No Comments »

APC Back-UPS ES 700Darn those pesky power cuts.They can take your computer down without warning losing precious data in the process. Worse that that it can cause component failure and here in sunny South Wales we seem to have them quite frequently. That’s why you need a UPS. It’s basically a big battery with power sockets on designed to keep you running during a blackout.

There are loads of different types of UPS to choose from ranging from small consumer units right up to massive multi mega-watt units for data centres. I need one purely to keep my home server running in the event of a power failure. The brand I’ve come to trust over the years from a professional perspective is APC, so it made sense to investigate their line of consumer UPSs first in order to replace my old APC Smart-UPS which has a dead battery. So far I’m predictably impressed, as I usually am when faced with a new gadget. I went for the biggest one they did which can cope with around 400W for up to 3.5 minutes. I’m loading it with just over 100W and testing so far has given me a runtime of 16 minutes on battery.

The Back-UPS is wall-mountable (as you can see in my photo) and includes 4 ports for power backup, and 4 ports just for surge protection. My switch and monitor are surge protected only whilst the server gets the juice protection too. So why did I get the consumer option and not the fancy rack-mountable UPS instead I hear you ask? Well, three reasons: 1) This is a home and a UPS can get hot… stuck inside a rack is probably not the safest option as far as cooling goes so keeping it outside the rack is more sensible from a fire safety point of view; 2) The 1U rack mountable ones in APC’s range only cope with around 250W of power – I may cause an overload if I push the server; 3) Cost – the consumer Back-UPS is a fraction of the price of the rack-mounted beasty (about a third of the cost).

PowerchutePE1On to the provided software, PowerChute Personal Edition. It’s very basic but does most things you’d expect of a power management device. After installation (and a very important reboot for power management driver replacement) you are able to configure how long after a power failure you’d like the server to initiate a hibernation. Now… hibernation only, not a shutdown, so in theory all your data is safe and on resume of power your machine will return to exactly where it left off. You can also adjust sensitivity and turn off the annoying beep the device makes when it runs on batteries.

PowerchutePE2

It also has an Energy Management feature which can turn on / off power ports based on whether it detects the ‘master’ device has shutdown or gone in to standby. This would be useful for people wishing to automatically power the monitor, speaker system or other peripherals off when you shut your PC down, but in my situation I’ll be leaving this feature alone. Lightning protection for telephone lines / Ethernet ports is also included and I’ll be using this to protect my switch from the ADSL modem at some point.

Now for my test results! After installing and configuring it to shut down after being on battery for 1 minute I pulled the power out and waited. After 1 minutes it duly hibernated.

Now the important bit – there is a delay of about another minute after shutdown of the attached machine before the UPS itself powers down – remember this! Once the UPS turned itself off, I reapplied power and the server jumped back in to life and carried on from where it left off. All good? Almost. The only problem I have with this UPS so far is that *if* power is reapplied between the server shutdown and the UPS shutdown, the UPS doesn’t cancel it’s own shutdown so you get a proper actual power outage on your device. This is a fairly daft bug but is acknowledged in the user manual. I’ll be contacting APC to ask if they have any comments or plans to sort this out and update you accordingly.

Overall though, everyone needs a UPS in their lives even if it is to keep your satellite box powered in a blackout, or to provide emergency lighting in your home. Go get one – there are several models available to suit your power requirements (I recommend the 700 for maximum juice).

Home Server Backup: CrashPlan

April 22nd, 2011 3 Comments »

crashplan

I mentioned a few weeks ago that I would discuss my proposed Windows Home Server 2011 backup plan in a future post, well this is that very post.

Currently I have over 500GB of data on my home server which needs to be backed up. About 100GB of that I would classify as critical, meaning that I would weep endlessly if I lost it. That critical category includes photos dating back to 1992 and all my home videos of the children as well as financial records and other boring documents. So it is understandable then that I need to make sure that I somehow have a backups copy of this data available should my server fail or get stolen. I narrowed my backup options down to three possibilities:

1) Another NAS in the house: This option would require me to purchase a new NAS with a lot of hard drive space, and schedule my server to copy all the data to the new NAS as required. The main drawbacks of this method being that firstly I have the expense of purchasing the new equipment and its associated running costs, and the fact that the backups would be sitting next to the server they are backing up making it just as liable to theft or meltdown.

2) Another NAS at someone else’s house: Again, I’d have to purchase a new NAS and then convince someone else to keep it plugged in at their house. I’d then need to configure some sort of remote synchronisation from my server, over my broadband connection to the remote NAS. Again, the drawbacks are buying hardware, convincing someone else to keep my backup NAS plugged in and backups speeds limited by the broadband connection speeds. Most people also have download limits on their broadband account so I’d probably have to supplement the cost of the subscription too.

3) Use an online ‘cloud’ backup server: There are many services offering cloud backup. You install a bit of software on your machine, tell it what to back up, and in the background it synchronises with their servers over your broadband connection. On the plus side you don’t have any need to host or buy hardware, but on the downside due to the amount of data I need to backup I will have to pay a subscription and should I need to recover that data from the backups I’ll be the mercy of my broadband connection.

Anyway, it’s option #3 that I’ve gone for. Most cloud backup providers have a tiered pricing model based on the amount of data you need to store. My aim was to find a provider offering unlimited backups for a fixed fee. The first provider I trialled was Carbonite (www.carbonite.co.uk). They promise unlimited storage for £41.95 a year but all is not as it seems with this company. Firstly, the backup client selectively ignores certain files by default (for example, .exe and anything over 4GB). You can go through your folders and manually select to back them up, but personally I prefer to select a folder and assume that everything in that folder will be backed up without having to go through manually and double-check. The biggest problem with Carbonite though is the limitation on your upload bandwidth once your storage requirements hit 200GB – they start to limit your connection to 100kbps which means my initial server backup would take almost a year to complete! That’s unacceptable and renders the unlimited promise pretty hollow. So I moved on…

crashplan2… and found CrashPlan (thanks to a tip-off from Diarra) at www.crashplan.com. They are US based only and therefore charge in dollars, an annual subscription costing $49.99 with longer plans bringing the cost down significantly. At time of writing I’m still within my 30 day trial period but I plan to subscribe once that expires. I’m completing my initial upload progressively and the first 16GB completed in less than 4 days. The interface isn’t quite as pretty as Carbonite, but it’s far more functional and doesn’t ignore files randomly unless you specifically tell it to. Better still, CrashPlan is FREE if you don’t want to use their online storage service (called Crashplan+). You can use CrashPlan to back up to other CrashPlan users over the internet, or just use it as a backup client to back up to a USB drive. It works on and between Linux, Windows and Macs meaning a Mac user based in somewhere such as, let’s say Ireland, could back up to my Windows Home Server for free over broadband.

With the CrashPlan+ subscription, your PC is constantly scanned for changes to data or new files in your backup locations, and backed up according to a schedule (which by default is every 15 minutes). You can set this to suite your taste, for example by allowing backups to run only over night. Data is transmitted and stored using encryption – you have the choice of using a password or your own encryption key for extra security if required and for additional peace of mind CrashPlan will store multiple versions of your files allowing you to role back to an old version in case of corruption (stopping the ‘Oops I deleted all the text from this document then saved it’ scenario).

My full backup should take about 4 months but critical data should be backed up within a month. I’ll be sure to blog if there are any problems, but if you’d like to check it out yourself, the basic CrashPlan program is free for all platforms at www.crashplan.com and the online CrashPlan+ ‘CrashPlan Central’ cloud backup service is free for 30 days.

Windows Home Server 2011–First Review

April 9th, 2011 4 Comments »

Microsoft has finally released the long awaited follow up to their successful home-server operating system, Windows Home Server 2011. I’ve been running this for a few days now and I think that is long enough to start writing up my initial thoughts and detailing my configuration.

The new server finally has an operating system. I’ve even mounted the chassis in the garage rack and all is good and tidy, if a little noisy from the fans. Installation was easy, although I did need to supply drivers for the PCI express RAID card on a USB memory stick which is fairly standard practise. I started by creating a RAID 1 partition between two Western Digital Caviar Green (WD20EARS) 2TB drives within the RAID controller’s BIOS and once the OS installation started and I’d loaded the controller drivers it automatically detected this drive as the primary. After that installation was seamless requiring only a few clicks and 45 minutes of waiting. Once built, I set up the four natively connected Samsung Spinpoint (HD204UI) 2TB drives as a software RAID 5 array within Windows’ disk management console. hs2-disk-managementOkay, I cheated a bit here; I actually created the RAID 5 array using the previously installed release candidate of Windows Home Server 2011, which was then left overnight to synchronise. After installation this time, all I had to do was simply import the foreign disk set and hey presto, a ready made and fully synchronised 6TBish RAID 5 array. So far transfer speeds are excellent, peaking at 125MB/s from the RAID 5 array over the network to my Windows 7 PC which is full maxed out gigabit Ethernet speeds.

hs2-LaunchpadNext came the client tools. I uninstalled the old WHS connector, rebooted, and installed the new one. Now came my first annoyance – is there really any need for the launchpad to pop up every time you log in? There’s no obvious option to start minimised either (although I can fudge this). Ignoring that though and the new dashboard is quite good. It’s a vast improvement on the layout of the old one, but it does lack some of the functionality. For example, the pie-charts illustrating your storage usage is now missing.

The cut-backs and half-hearted nods to extra functionality don’t stop there I’m afraid. Obviously there’s no DE (Drive Extender) any more which doesn’t bother me personally, but there still is no built in Windows Media Center functionality, custom domains for remote access are locked to particular registrars, DLNA menus are not customisable and individual user folders for document storage are no longer created automatically when a new user account is added.hs2-Dash-drives

So… I carried on anyway and migrated my documents across from the old server. This took all night due to the (lack of) speed of my old server. All 500GB copied eventually and whilst this took place both my desktop and laptop backed up automatically. I’d already used the dashboard to move certain folders from their default location on the primary drive to the RAID 5 partition. The only folder left on the primary drive was Recorded TV for purposes that I’ll discuss later.

hs2-WebAccessHomeThen I tried out the web interface and all was forgiven. The new logon page has done away with the photo of the random nuclear family for a much more professional looking page. Once you’ve logged in you get a modular and customisable page allowing you to browse your shared folders and file or remote control one of the machines on your network provided it is powered on. If it’s not powered on, you have to access the dashboard and use a 3rd party plugin to wake the machine up first. The best part of the web interface has to be the media streaming capabilities. Pictures can be displayed in a slide-show, music can be streamed using session-based playlists whilst being made pretty by a diagonally tiled scrolling backdrop of selectable album covers. Video is similarly impressive enabling bandwidth conscious streaming to your web browser.

hs2-WebAccessMusicPlayer

Next I installed the TV Tuner and MediaPortal’s TV Server. I set the default recording location to the home server’s Recorded TV shared folder on the RAID 1 system partition, which I figured would have the best disc transfer speeds compared to the software RAID 5 partition. Slow speeds could become a problem when trying to record multiple programs simultaneously, especially when I move it to HD. Once configured and tested I came across a plugin called TV4Home. This integrates WHS 2011 with TV Servehs2-TV4Home-webr giving you control of the configuration pages through the dashboard. While browsing these integrated dashboard pages I saw the install link next to ‘Web-Interface’ option which I duly clicked. Once installed you end up with a new option on the web interface giving you access to a brilliant web-based TV guide. You can click on programs you wish to record, view scheduled recordings, or see what you’ve already recorded. Brilliant remote access to your TV Server!

My overall opinion of WHS 2011 is positive. It has a few failings which I can work around but generally it is a significant improvement over its predecessor. If you are considering it, you’ll need a reasonably modern machine due to the limitation of it being 64-bit only, and you’ll also have to plan your storage requirements carefully as it’s tricky to expand. One more thing for those considering this: It will back up your PCs allowing you to restore them in case of a failure. It will also encourage you to store your documents, music, photos, videos etc. centrally on the server so don’t forget to back the data on the server itself up. I’m currently not doing this and even though I’ve made the machine as resilient as possible within sensible limits, resilience is no substitution for a backup.

My next steps are to purchase a UPS to guard against power failures, figure out some sort of backup system (already working on that for a future post) and then whack some more TV Tuners (Freeview HD and HD Satellite) inside. When that’s done it’s time for a Home Theatre PC or two to make use of it all.

« Older Entries