Two-Factor Authentication and Aegis Authenticator

Two-factor authentication (2FA) is a common, effective and easy-to-implement method to improve online security. It involves adding an additional factor to the authentication process so that, even if someone manages to get hold of your user ID and password, they still can’t get into your account.

In Belgium, we have the well-established itsme which provides an additional layer of security for online banking, government services and a whole range of online activities. There is also the much newer, and largely ignored, myID, for which I have yet to find a use.

There are also a variety of authentication apps that can be installed on your mobile phone. Once set up, these will continually generate a (usually) six-digit passcode that you need to enter when logging in to the protected website.

When I started using 2FA (outside of itsme) I went with the first authenticator app that I found, which was Google Authenticator inevitably enough. It is certainly very easy to use and does make it very easy to get started. There are a couple of things about which I have become increasingly unhappy.

The first of these is that it’s a Google product, and because I don’t like being overly dependent on a small number of very large companies, I tend to seek alternatives when I can. More seriously, Google Authenticator appears to lack any sort of backup option, which is problematic.

So, after looking around for a bit, I have settled on Aegis Authenticator, which is a much more security-focussed authentication app.

For a start, it does support backups. Not only am I able to back up my vault to my own server, but the app also supports Native Android backups, so I could just switch it on and forget about it. I also like the fact that you actually need to sign in to the app, either with a fingerprint or other biometric option, or with a password.

And the app manages to remain remarkably straightforward to use. I think I will be sticking with this one.

Of course, 2FA is not a panacea, but it is a big improvement on relying on just a password and if you can use it, you really should.

And on that note, I should point out that WordPress supports Two-Step Authentication, and you can set it up from the Security Tab on your Profile settings.

BookWyrm: Federated social reading

I’ve mentioned Mastodon before now, but the great thing about federated social media is that it is not dominated by a single server, or even a single type of software. Multiple applications and networks exist to support a wide variety of social activities. And, because they all use the same protocol, they can all talk to each other.

It’s because of this that I came to discover BookWyrm, a non-commercial alternative to Goodreads on which you can track your reading habits, talk about books and find suggestions as to what to read next.

Of the available servers, I have settled in The Library of the Uncommons, the membership of which leans towards Science Fiction and Fantasy novels in terms of reading preferences. This, of course, is great for me and I have already discovered a couple more books to add to my ever-expanding pile of must-read books.

Because all of these federated services can talk to each other, I can interact with people on other servers regardless of whether they are using BookWyrm, Mastodon or anything else.

BookWyrm is still under development but all of the essentials are in place and working well. I especially like how easy it is to migrate from Goodreads to BookWyrm by exporting your books from one and importing them into the other. The import wasn’t perfect, but the site does tell me exactly which books I need to check, so getting everything set up is a remarkably painless process.

I find I am getting a lot more out of BookWyrm than I was from Goodreads. I haven’t deleted my Goodreads account yet, but I suspect that this is only a matter of time.

You can find me at The Library of the Uncommons. Feel free to pop over and say hi.

Mastodon: Because life’s too short for imbeciles

Federated social media has been around since 2008 and I have been bouncing around various federated networks (with a couple of hiatuses) since the end of that year. The idea behind federated networks is that, rather than having to rely on a single large server to control all your messages, lots of smaller servers achieve the same result by talking to each other. The obvious analogy for this is email: if I want to send a message to someone, all I need is their email address and, thanks to the magic of open standards, any message I send will be correctly delivered.

The federated network that everyone is talking about at the moment, of course, is Mastodon.

I had signed up to Mastodon a while ago, to a smaller instance that is no more and when I returned to the network I was quite interested in the idea of running my own server. Being lazy, however, this led to a bit of procrastination on my part until I came across masto.host, which really does provide the best of both worlds: Everything on the server is under my control, while, for a small monthly fee, I can leave someone else to look after the server and software maintenance.

And when it comes to managing what I do and don’t see on my timeline, the tools provided by Mastodon are really rather good.

On a personal level, I can block and mute any obnoxious types I happen to bump into, and I can also filter out specified words and phrases if I want to ignore a particular conversation (always useful during big sporting events). I can even block whole domains if I decide that I just don’t want to deal with anyone from a specific instance; all I need is a single click.

The site moderation tools are equally well designed. Obviously, with only one user on my own instance, I haven’t had much need to use these, but I do like the fact that I can also silence other instances if I really don’t want to deal with them.

Overall, I do like Mastodon and it has proven to be a very comfortable place to return to. I do like its decentralised nature and the fact that both the developers and the various communities are keen to encourage this.

You can find out more, including a video explainer and a list of available servers at Join Mastodon and, if you ever find yourself looking for someone to follow, you can find me @Paul@social.lightlyseared.online.

Scratch

A few weeks ago, William told me he wanted to make his own computer game. So I installed Scratch on his laptop and told him to see what he could do. It turns out he can do quite a lot.

Scratch is a visual programming language. While it has all the features you would expect, the programming itself is done by dragging and dropping blocks rather than typing text. This makes for a very intuitive interface which allows you to get up to speed very quickly. Well, William did.

After a couple of pointers from me about loops and variables, he was off and now has a working game in which a teleporting monkey has to collect various objects.

He then discovered that there is an online editor and a collection of tutorials and, after two weeks, he’s probably a better Scratch programmer than I will ever be. If he carries on like this, it’s not going to be long before he has a better handle on event-driven programming than I do.

As someone who makes a living as a developer, I’m not sure whether I should be proud or embarrassed.

Either way, Scratch itself is proving a very effective way of enabling kids to not only build their own applications, but also understand the underlying principles. The visual interface allows them to focus on developing applications, rather than having to worry about syntax, and the development environment provides instant feedback which encourages them to try things out and see what happens.

I am very impressed.

Facebook threatens to stop spreading conspiracy theories if they can’t spy on their users

Back in July, the Court of Justice of the European Union ruled that companies like Facebook could be prevented from sending data back to the US because they don’t have enough protections against snooping by US intelligence agencies.

The ruling didn’t immediately end all transfers, but does place a requirement on national data protection authorities to vet the sending of any new data to ensure that any personal data complies with the EU’s GDPR data protection rules.

And so to Ireland, where Facebook’s European operation is located and, therefore, responsible for enforcing this rule.

On Tuesday Facebook tried to strong-arm the Irish data protection commissioner by threatening to pull out of Europe if forced to comply with the law.

We live in hope.

I was going to go on a rant here, but then I noticed that the satirists at NewsThump have already been there: Facebook threatens Europe with fair elections decided by well-informed voters. What a prospect.

Of course, they’re bluffing and, by Wednesday, Nick Clegg, Facebook’s vice president for justifying Zuckerberg’s tantrums, and former UK deputy prime minister,[1] was frantically backpedalling.

I find his arguments (as reported) more than a little disingenuous. He’s eliding personal data (which is covered by the GDPR) and data in general (which isn’t) and claiming that having to keep up with ever changing rules (they aren’t) is impossible (it isn’t).

Realistically, Facebook isn’t going to go anywhere. They might thrash around for a bit but, ultimately, there is too much money in spreading hate speech and algorithmically promoting conspiracy theories and the Zuckerborg will comply with whatever rules are imposed.

But imagine being able to go online without being endlessly monitored, and not having ever more extreme content pushed at you.

The technology exists. It’s called RSS and Daniel Miessler thinks that it’s time to get back into RSS. Personally, I never stopped using RSS — my reader of choice is Newsblur — and I can’t imagine not having a single place to find pretty much everything I have chosen to read or watch online.

Footnote

  1. Of course Liberal politicians end up working for surveillance capitalists. It’s 2020.

The spirit of Tony Hancock lives on

This is too wonderful for words. It turns out that almost all 57,000 articles in the Scots language version of Wikipedia were written, edited or overseen by a single person. Who doesn’t speak Scots.

That’s right, someone doing a bad impression of a Scottish accent and then writing it down phonetically is the chief maintainer of the online encyclopedia’s Scots edition. And although this has been carrying on for the best part of a decade, the world was mostly oblivious to it all – until today, when one Redditor finally had enough of reading terrible Scots and decided to look behind the curtain.

Emphasis mine.

My first thought when I read this was of Tony Hancock and, since everything is on YouTube these days, here is the scene I thought of:

It’s not clear whether the Wikipedian has spent the past near-decade creating thousands of fake posts as some kind of incredible practical joke, or that they honestly felt they were doing a good job. There have been occasional interactions with real Scottish folk taking exception to pages, and the administrator has responded in a dead-pan fashion.

I do hope that this is a joke — for the sake of the Wikipedian in question — because if he really is a latter-day Hancock then this is a screw-up of epic proportions.

Blob World

This is wonderful. There’s a guy on YouTube, going by the name of Primer, who uses a computer model to explore evolutionary concepts, which he discusses on his YouTube channel.

Visually, it’s all very simple but there is something remarkably appealing about watching these amorphous blobs evolve and survive as he discusses the concepts being displayed.

It gets better though. Jasper Palfree at MinuteLabs has taken Primer’s simulator and made an online gadget that allows you to play around with the initial settings and watch the blobs evolve.

The blobs have three traits — speed, sight and sense range — all of which mutate at a predetermined rate. You can choose both the initial values for these traits and the rate of variance, and then you let it run and see what happens.

It’s fascinating.

Administrative Note

This shouldn’t affect any humans following this site, but I have noticed that the various spam bots always target older posts. In order to splat them a bit, I have changed my WordPress settings so that comments will be automatically closed after four weeks.

If you run into any problem with commenting on the site, please let me know via the contact form.

Covid: Resurgence and risk

While the Covid infection rate is still trending downwards in Europe, there have been a few flare-ups and several areas have gone back into lockdown. In response, the European Commission’s research centre has launched a tool that provides an overview of which countries are most at risk.

It takes a while to load, and some of the data used can be a few days old, but it is interesting to see how various countries are coping. And clicking through to the underlying data is already proving to be far too much of a time sink for me.

What really leapt out at me when I first saw the map, though, was just how vast is the discrepancy in infection rates between England, Scotland and Wales.

Stay safe, folks.

Belated birthday wishes to PHP

PHP, the web scripting language that powers almost 80% of the web, turned 25 yesterday. This is quite an achievement for something its developer, Rasmus Lerdorf, had intended as nothing more than a C templating language.

I remember playing around with the language in the early years of this century, back when it was still a new thing, and got as far as writing half a content management system before I discovered that B2 and (later) WordPress were achieving the same results in a far, far better manner.

PHP is the workhorse of the web but not fashionable. The language is easy to use but its dynamic and forgiving nature makes it accessible to developers of every level of skill, so that there is plenty of spaghetti code out there, quick hacks that evolved into bigger projects. In particular, early PHP code was prone to SQL injection bugs as developers stuffed input from web forms directly into SQL statements, or other bugs and vulnerabilities thanks to a feature called register_globals that was on by default and which will “inject your scripts with all sorts of variables,” according to its own documentation.

Which is probably a fair summary of the language. It’s very easy to pick up and start using but this ease of use also means that it’s similarly easy to get way over your head and create something of a disaster for yourself.

That said, it’s a well-established language now and one that isn’t going anywhere. PHP will certainly still be around in 25 years’ time, but it will be interesting to see just how much further it develops over that time.