iHeinrich

just trying to find the answer…

Category: General

VPN and you.

VPNs are making the news and being advertised everywhere on the internet. If you are wondering WHAT a VPN is and IF you need one, this is the article for you.

What is a VPN?

The term VPN comes from the original use of the VPN as a Virtual Private Network.  Originally, the idea with this:

  • Bob works in an office.
  • The office has a network.
  • The network, for  security purposes, DOES NOT have access to the Internet.
  • Bob is outside of the office and needs to access the office network. He uses a VPN.

In this case, Bob connects to the office from home thru a VPN network appliance that sits in his office. He calls that network appliance and it provides a secure connection between Bob and the office. Bob is VIRTUALLY in the office and Bob has a PRIVATE encrypted connection and Bob can use the NETWORK.

DO I need a VPN?

You might be thinking, “Wait, I work in a flower shop, not an office, do I need a VPN?”

Yes, you do my florist friend.

After a hard day of floristing, you come home and connect to the Internet. You go to all your favorite websites and do all your favorite things. But there is a log of all those activities that resides with your internet provider. They can sell that log, sell your information to third parties.

Maybe you visited a website like, “Revolutionary Florists” by accident, or just out of curiosity. These guys advocate that only florists should be in power. Guess what? You just got your name on a watchlist.

Maybe you, in a moment of weakness, downloaded via Bittorrent that Japanese animation about that girl in high school who saves the world from alien demons by yelling at them? (ok, I just described every Japanese animation of these last 20 years). Well, the company and the lawyers of that Japanese animation can come after you. It’s really happened and people have had to cough up serious money.

Maybe you live in a country where all Internet access is very closely watched.

Maybe you work at a company who monitors your internet usage.

The simple fact is, if you want to look at the Internet without care of concern of who is watching you, you need a VPN.

If you value your privacy, you need a VPN.

VPN the nitty gritty.

How to get a VPN? Does it come in a box in the store? No. You need to find a VPN provider, and yes that is going to require some research and yes, you should pay for it.

A word on “Free VPN” providers

Nothing is “free”. Having a VPN company requires expensive software and hardware, so why would it be free? It’s not.

They sell your data to third parties, include adverts and basically do anything to monetize your account. Further, imagine the VPN server as a door. If only a dozen people an hour use that door, traffic flows smoothly. But what if 10,000 people an hour tried  to use that door? Nobody is going anywhere.

What to look for in a VPN provider

Nearly all paid VPN providers charge about the same price, so ignore the cost.

  1. Logs. If the VPN provider keeps logs of your activity, that’s NOT GOOD. Why keep a record of my browsing activity? Good VPN providers DO NOT keep logs so when someone shows up asking, they can honestly say, “sorry, we have no records”.
  2. Customer Support. VPNs can be tricky things to configure and get right. And when you run out of answers, usually a good tech support agent can help out.
  3. Speed. Good VPN providers have plenty of servers and plenty of bandwidth, so they won’t be slowing you down.
Not a review per se, but my experience with VPN providers.

I worked for a company that used to never monitor our internet browsing habits. Then, a few people abused this by watching porn in the office where EVERYBODY could see it and then a new IT director came in. Soon, our browsing became monitored and filtered. Bizarrely, the filter would often block tech sites that developers referenced and we really got annoyed.

I signed up for StrongVPN. It’s a great VPN company and used to have great tech support. I used for them for years. But I had to ditch them for two reasons:

  1. Logs. They kept logs. However, looking at the site now, they claim they do not keep logs anymore.
  2. Tech Support. When I started, it was awesome, after a while it went downhill.

I MIGHT re-consider joining StrongVPN, however, I am very content with my current VPN provider.

Astrill is an awesome VPN provider. This is not a paid endorsement. Some cool things about Astrill:

  1. No logs! Ever!
  2. Unlimited switching of servers. Want to use a server in New York, or Florida or St Louis and see which works best for you? Knock yourself out.
  3. Tech Support is very good. It’s not great, but the people you speak with are usually very sharp.
  4. Custom Protocols. They have their own OpenVPN protocol called RouterPro, which prevents you from being blocked in countries that block the OpenVPN protocol.
  5. Custom tools. I have my VPN configured on my router. This way, traffic from my router is protected. They offer a special JFF file you can install on your router. It’s very handy.
  6. They offer VPN apps for Mac, Windows, Linux, iOS… you name it.

That’s all for now. Next time I’ll discuss VPN protocols and why you shouldn’t use the default Blowfish encryption your VPN provider offers.

 

 

 

Not password, passphrase

For years, people have been warned about using strong passwords and being told that strong passwords have the following characteristics:

  1. Mixed Upper and Lower Case
  2. Special Characters

It goes without saying you should NEVER have a password that might relate to your name or the name of a family member.

But there is a website that will tell you exactly how STRONG (or weak) your password happens to be. The strength of a password is measured in entropy. The higher the entropy, the stronger the password.

http://rumkin.com/tools/password/passchk.php

So, using the above criteria, how strong are the following passwords?

Password Entropy Comment @1k guess per sec
He1nr1ch$ 39.9 Reasonable Strength. But it’s also my name. 17 years
Fleaswtracenlant 72.8 Strong. But it’s also the name of my ‘A’ School in the Navy. 149.7 BILLION years
Trump_8==> 42.9 Reasonable, and reflects a political opinion. 140 years

Is there a better way? Yes. Use four words that only mean something to you.

Example. Chicken Nuggets Tent Farts

I went camping with a friend of mine. He ate an entire 20 pack of Chicken Nuggets. I slept outside for obvious reasons.

What is the entropy here? 116.4 bits, which is incredibly strong. At a 1,000 guesses a SECOND, it would take 2,634,346,452,833,500,000,000,000 years to guess the password.

That’s 2.6 septillion years.

As a frame of reference, the Big Bang event occurred 14 billion years ago and the last dinosaurs died out 65 million years ago.

XKCD had a comic for this…

Do you Sikuli?

Do you SikuliX? You really should…

What is SikuliX? SikuliX is an GUI automation tool. It’s open source, so it’s everyone’s favorite price… free!

Sikuli supports a variety of languages. To quote the website:

  • Python language level 2.7 (supported by Jython)

  • running RobotFramework text-scripts is supported (see docs)

  • Ruby language level 1.9 and 2.0 (supported by JRuby)

  • JavaScript (supported by the Java Scripting Engine)

… and you can use it in Java programming and programming/scripting with any Java aware programming/scripting language (Jython, JRuby, Scala, Clojure, …).

Can you guess what language, I prefer my SikuliX? If you said Ruby, you’ve been paying attention.

I’ve been using it for app testing and browser based testing as well.

SikuliX can’t be trained to carry buckets of water just yet

Happy 2018!

It’s a whole new year! I will hopefully be blogging more now.

Java and JavaScript

I was sitting in a meeting and there was a bit of confusion about whether the specification called for Java or JavaScript.

When I asked about which one it was, I got this amazingly hysterical answer.

“Java or JavaScript? Doesn’t matter, it’s really the same…”

Yowza.

Allow me to clarify, in case you find yourself locked in a room with people who speak only in buzzwords and really have no idea what they are talking about.

Java is a programming language written in 1995 by James Gosling. The dream was that it would be a “write once, run everywhere” language. It runs on a Java Virtual Machine, and it’s hugely popular to teach on college campus.

Also, there are like a billion unemployed Java developers.

Let’s take a look at “Hello World” in Java.


class HelloWorldApp {
    public static void main(String[] args) {
        System.out.println("Hello World!"); // Prints the string to the console.
    }
}

Classes, Public, Static, void,…. it’s not for the casual relaxing day of coding by the beach.

JavaScript has nothing in common with Java. It is a completely different language with a similar naming.

Programs in JavaScript are called scripts. They need no compilation, you just write a script, append it to HTML-page and it works.

Let’s take a look at “Hello World” in JavaScript.

<script>
alert('Hello, World!')
</script>

Really simple, and runs in most every browser.

Oh yeah, and they are NOT THE SAME.

New blog, different approach

If you are reading this, there is a chance you remember my long running blog, “The Heinrich Show”.

While “The Heinrich Show” was a fun blog (I laughed), it really was more geared for my circle of friends.

In retrospect, I think Facebook killed the Heinrich Show. But that’s ok. Not everything is supposed to last forever.

iHeinrich is really about solving technical problems, how I solved the problem, and gripes about how long it took me to solve a problem.

 

 

Powered by WordPress & Theme by Anders Norén