The world’s most hacked passwords

If that’s tough to remember, I’d recommend a line from a book or a song – and also do not be afraid to have a physical book for your passwords. As long as you keep this separately from your devices and not in a text file on your desktop, it’s actually pretty secure.

I love this advice. Keeping passwords in a physical notebook is a great solution for a lot of people. Like my mom. She’s quite illiterate when it comes to computers, and it quickly became obvious that using a password manager software would be overwhelming for her. So I sat down with her one day, and we created unique random passwords for all of her accounts by hand and wrote them down in a notebook. Let’s face it: for most people, the hacker is rarely inside the house. Managing your passwords this way is much more secure than using weaker passwords that are easier to remember.

And yes, 123456 is still the world’s most used password in 2019.

Decent Security

Welcome to the resource you’ve been waiting for your whole life. Decent Security is a step-by-step guide to help you properly set up a Windows machine and be secure in a matter of minutes. It’s written by @swiftonsecurity, who is somewhat of a mysterious being, but is also one of the better known systems security experts on Twitter with a total of 272K followers at the time of writing.

The website contains no-nonsense material that will get you up and running (and secure) as fast as possible, from an explanation of how users get infected with malware to guides on how to set up and maintain a Windows machine, how to configure a router, and how you get phished. Not only that, but it provides solutions for both home and enterprise users.

Even though I’ve been tinkering with computers for over a decade now, I learned a lot reading through Decent Security while setting up Windows machines, and you can too; it’s a very beginner-friendly tool. No particular knowledge is required to make use of it. Whether you want to set up your brand new Windows laptop or simply beef up the security on your existing hardware, please read through this resource next time you feel like giving your computer a well-deserved spa day.

Privacy Badger

Privacy Badger is a browser add-on for Firefox and Chrome. It helps keep your online identity private by preventing third-party trackers from tracking you across websites.

The whole thing is very user-friendly: Privacy Badger learns to identify malicious trackers as you browse the web, which means you don’t have to configure anything after installing it. I use it in conjunction with uBlock Origin. I like this combination because uBlock Origin blocks trackers found in user-generated lists and lets Privacy Badger catch the rest.

To install it, head over to the Electronic Frontier Foundation’s website. They’re a well-known non-profit that’s been fighting for online privacy since the early 90s. Check out their other projects, and make a donation if you have spare cash.

Apple News launches in Canada

After 3 and a half years of waiting, Apple News is here! It came bundled with the iOS 12.2 release that was made available for download on Monday. As soon as you install the update and your device restarts, the News app will appear on the first page of your home screen on both iPhone and iPad.

The way it works is pretty straightforward. Remember RSS feeds? That’s what it reminds me of. It’s a news aggregator - Apple does not produce its own content for News. However, it’s an editorialized news aggregator. Some people will like that, others not so much. Top stories are hand-picked by Apple News editors, but users can strongly influence what they see. More on that later.

The idea behind the News app is that you get to make your own newspaper and read it. It feels just like you’re reading one, too. You will see stories from a plethora of newspapers and digital publications all jumbled together in the Today view. That’s the home page of the app, if you will. The Today view is the one that most resembles an actual newspaper. It is divided into different sections: a sports section, a business section, a gardening section, a computer section, a fashion section. Just like an actual newspaper. You can grab the section you like and read through it. Just like an actual newspaper. Or, you can read your briefing, which is a collection of the main headlines of the day, a lot like the front page of... an actual newspaper! Of course, you can also pick a single topic to explore or an individual publication to read.

Unlike an actual newspaper, the content is tailored to the user’s preference. You can follow channels (publications like The New York Times or The Globe & Mail) and topics (interests like Canadian politics or Playstation games). Everything you read has two different hearts in the top right corner that act as like and dislike buttons. When you tap ‘like’ on a story from a channel or topic you enjoy, you’ll get to see more of it in sections like the Today view. When you tap ‘dislike’ on a topic, you’ll see less of it. When you tap ‘dislike’ on a publication, you will never see it again (until you un-dislike it yourself). All of this means that you get to create your own sections in your own newspaper, and unlike an actual newspaper, each section is comprised of a variety of sources that you trust and love. Unfortunately, it’s easy to fall victim to the echo chamber syndrome when you curate your own content and I’m not sure you can avoid it here any more than you can on Facebook. Even if you avoid disliking topics and channels that challenge your values, Apple’s on-device AI learns what you enjoy reading over time and algorithms will skew what you see. The only suggestion I can make is to go ahead and subscribe to news outlets you would not normally read, but no one does that.

Everything I have written about so far is free, but there is also a paid tier called News+. It gives you access to The Star and 300+ magazines, 30 of which are Canadian publications (I’ve spotted Maclean’s, Hello! Canada, Ottawa Magazine, The Walrus, Chatelaine, L’actualité). These numbers will undoubtedly fluctuate over time as deals with publishers end and new ones begin.

Some magazines have been specially optimized for the Apple News Format, like Wired and National Geographic. Reading those is very intuitive once you get acclimated to the way the rest of the app works. These optimized publications try to take advantage of the digital format to tell stories in a way you just cannot convey in a printed issue. There are lots of animations and cool scrolling effects, and you can access whatever article you wish to read right from the table of contents just by tapping on it. I think it’s very well done, but not by itself a reason to subscribe. Other non-optimized magazines are simply served in PDF files, and let me tell you, reading those is a nightmare when you’re coming from a publication made using the Apple News Format. Scrolling through them is clunky, you have to pinch and zoom to read properly, and it’s especially frustrating on the smaller screen of an iPhone. Not a very good experience.

Everything that comes with News+ is downloadable, and you can set it up so that new issues of a magazine you like are automatically downloaded and stored for offline access as they release, a lot like podcast apps do with new episodes. News+ costs $12.99 a month and everyone gets a no-strings-attached free trial for one month.

The paid tier is only a good deal if you like a bunch of these magazines and you’re not down with spending a fortune subscribing to each one individually, and if you like reading The Star. Otherwise, the free tier has plenty to offer you.

After 24 hours of use, I can say I’m a pretty big fan of Apple News overall and will keep on using the free version.

  • I like how you can toggle notifications for each publication individually, or turn them off altogether.

  • I like how it really brings back the feel of reading the paper.

  • I like how easy it is to tell the app what you like and don’t like to see.

  • I like how everything you enjoy reading comes together in one app without any ads.

  • I don’t like the News+ offering at the moment - I wish Canada would get more bonus newspapers (users in the US get access to the Wall Street Journal and the Los Angeles Times).

  • I don’t like how hard it is to tell what comes standard with the app and what content is part of News+ once you have activated your free trial - it makes the decision to cancel or resub much harder than it should be.

  • I don’t like how Apple managed discoverability - you pretty much have to resort to trial and error in the search bar to determine what publications they offer.

But that’s me. Give it a go and maybe you’ll feel differently.

Passwords are the worst

Alphanumeric passwords are an archaic security system that should be replaced immediately. They are so inconvenient, especially in a mobile world, that a lot of people simply forgo them entirely in favour of convenience. Complex passwords are hard to remember, therefore people use simple, easily guessable ones, or reuse the same one everywhere on the Internet. Sometimes both.

Students from Xi’an Jiaotong-Liverpool University in China published a study in 2018 where they explore the possibility of replacing traditional passwords with semantically-linked images for mobile devices. They basically show that arranging a set of images in a predefined fashion to unlock your mobile device is as secure as entering a passcode, easier to remember, and better adapted to touch screens. Great, right?

I think it’s an interesting concept, but swapping one input system for another is unlikely to solve the issue. No password system is secure if users simply opt out. From the study: 

Research by Micallef et al shows that over 64% of users chose not to secure or use an authentication system on their mobile devices. However, it has been suggested that users may not assign significance to the information existing on their mobile devices, other arguments, such as that made by [Micallef et al], suggest that users dislike the inconvenience of repeatedly unlocking their mobile devices.

Yikes. 

The trend over the last few years has been to implement biometric authentication on phones and other computers. Touch ID and Face ID are probably the two most well-known systems. If you use a Windows machine, you might be familiar with Windows Hello.

When Apple launched Face ID in 2017, they touted how secure it was. Sure, the identification system in action here is pretty much unparalleled. Unfortunately, it and almost all consumer-grade biometric recognition systems have a fatal flaw. Here’s an excerpt from the Apple support page for Face ID:

The probability that a random person in the population could look at your iPhone or iPad Pro and unlock it using Face ID is approximately 1 in 1,000,000 with a single enrolled appearance. As an additional protection, Face ID allows only five unsuccessful match attempts before a passcode is required.

And therein lies the problem. Even when users opt in to Face ID, they have to set up a backup solution in case the authentication fails. By default, the solution is a 4-digit PIN, which is not nearly as secure as biometric authentication. For one, the probability that someone will guess your passcode at random is 1 in 10,000, or 100 times more likely than unlocking your Face ID according to Apple’s own numbers. Moreover, if you have two working eyes, it is ridiculously easy to see someone’s passcode when they enter it, or even guess it from the smudges left on the screen. And even with Face ID on, iOS requires users to enter their passcode a lot. Glenn Fleishman wrote for Macworld (from 2016, but still accurate to my knowledge):

[iOS asks for a passcode when] restarting the device, five failed fingerprint [or facial] recognition attempts, receiving a remote lock command via Find My iPhone, enrolling new fingerprints in Touch ID [or appearances in Face ID], and not having been unlocked in any fashion in 48 hours.

The article mentions other, more obscure ways to trigger a passcode request. The main culprit, however, is definitely five failed attempts. This happens all the time on my Touch ID devices, and it seems to happen quite a bit with Face ID too.

Here’s the thing: a machine is only as secure as its weakest authentication system. Imagine you spend thousands of dollars on a premium quality and practically impenetrable lock for the front door to the shed in your backyard but use a Master Lock that is lock-picked in two seconds for your back door. What crook is going to spend the time trying to concoct a plan to unlock the front door if they can essentially kick your back door in and make themselves at home?
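To put numbers on the weakest-link argument, here is an added example (not from Apple or any source quoted above) that combines the Face ID figures with the PIN fallback and goes one step further by comparing a 6-digit PIN. It assumes a uniformly random PIN and independent Face ID match attempts; the number of PIN guesses available is a parameter chosen for illustration, not a figure from the page.

```python
from fractions import Fraction

# Figures quoted above from Apple's Face ID support page.
FACE_ID_FALSE_MATCH = Fraction(1, 1_000_000)  # random person, single enrolled appearance
FACE_ID_ATTEMPTS = 5                          # failed matches before a passcode is required


def biometric_success(attempts=FACE_ID_ATTEMPTS, false_match=FACE_ID_FALSE_MATCH):
    """Chance that at least one of `attempts` independent tries by a random person matches."""
    return 1 - (1 - false_match) ** attempts


def pin_success(digits, guesses):
    """Chance of hitting a uniformly random PIN within `guesses` distinct guesses."""
    space = 10 ** digits
    return Fraction(min(guesses, space), space)


def device_success(digits, pin_guesses):
    """Either path unlocks the device, so it stays locked only if both paths fail."""
    return 1 - (1 - biometric_success()) * (1 - pin_success(digits, pin_guesses))


def pin_share(digits, pin_guesses):
    """Ratio of the PIN path's success chance to the overall chance (close to 1 = PIN dominates)."""
    return pin_success(digits, pin_guesses) / device_success(digits, pin_guesses)


def comparison_rows(pin_lengths=(4, 6), guess_counts=(1, 10)):
    """Build (digits, guesses, biometric, pin, overall, pin_share) rows as floats."""
    rows = []
    for digits in pin_lengths:
        for guesses in guess_counts:  # guess counts are assumptions for illustration
            rows.append((
                digits,
                guesses,
                float(biometric_success()),
                float(pin_success(digits, guesses)),
                float(device_success(digits, guesses)),
                float(pin_share(digits, guesses)),
            ))
    return rows


if __name__ == "__main__":
    print("digits guesses  biometric        pin    overall  pin_share")
    for d, g, bio, pin, total, share in comparison_rows():
        print(f"{d:>6} {g:>7} {bio:>10.3e} {pin:>10.3e} {total:>10.3e} {share:>10.3f}")
```

With a 4-digit PIN, almost all of the overall risk comes from the fallback path; with a 6-digit PIN and a single guess, the five Face ID attempts become the larger share.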

I think the days of using biometrics without requiring a backup PIN are probably still far off for two reasons. One, it’s currently impossible to lock yourself out of your device permanently as long as you remember your passcode. Without a passcode, any number of things could happen that would leave you without a means of getting in: you lose your Touch ID-registered fingers in an accident, you damage your fingerprints or your face in a fire, you need facial reconstructive surgery, etc. Two, the customer service and PR nightmare that would ensue when users start locking themselves out of their phones and computers. We’ll have to make do in the meantime, and no authentication method will revolutionize cybersecurity as long as we have Master Locks on our back doors.

GiveBack my iPad

They say spenders often marry savers. I believe that. Every person I have ever dated was a big saver. And I used to be a Big. Spender.

I would spend every last dollar I had on gadgets and stuff I didn’t need and make terrible financial decisions. Examples! In 2016 I bought my current wallet which cost me $120. In 2013 I bought the original Microsoft Surface Pro for an astronomical amount (to poor student me) and barely used it before I sold it at a huge loss. In 2009 I bought an $850 prebuilt desktop PC that did not work out of the box and never even tried to return it. I have bought 8 phones since 2015 (LG G3, Motorola Moto X, iPhone 6S, Samsung Galaxy S7, iPhone SE, Google Pixel 2, iPhone 8, and another iPhone SE) (not a joke). In the Summer of 2015 I spent over $50 in bars almost every night. You get the gist.

A couple of months ago I decided to declutter my house and get rid of most of my stuff (thanks, Marie Kondo). I wanted to live a simple, elegant, minimalistic lifestyle. It’s going great. Instead of throwing everything in the trash, I have been trying to donate, sell, and trade-in some of my old possessions to soften the monetary blow. And this week, I made my favorite trade so far and got a 2018 iPad from the Apple Store for a grand total of $1.10, which I thought was a hilarious transaction.

I took advantage of the Apple GiveBack program, which I knew for sure worked with all fairly recent Apple devices such as my iPhone 8, but I was surprised to learn Apple would also take my Samsung Galaxy S7. They gave me two Apple Store gift cards, one for each device I traded in, which I immediately used towards the purchase of the iPad. I’m sure I could have sold the iPhone 8 for a little bit more on eBay, but the amount of time and effort it would take is not worth the few extra bucks in my opinion. This process was completely hassle-free and really quick. I was in and out of the store with my iPad in 25 minutes.

Now, I do not own a laptop, and I have an old gaming PC I do not really use anymore (in fact, it’s in storage right now). I borrow my girlfriend’s 2012 non-retina MacBook Pro when I really need to use a proper computer, but for the most part I have exclusively been using my phone and my Apple TV for the past few months. I thought it was time for me to have my own computer again.

I knew I wanted an Apple product because I find Windows 10 to be a disgustingly disorganized mess of an operating system, and I knew I wanted something portable. At the time of writing, the least expensive MacBook you can buy in Canada costs $1,499 and I do not have that kind of cash just lying around. I decided to make a financially sound decision and go with the 32GB Wi-Fi 6th generation iPad (the most recent non-Pro iPad), which would end up costing me $1.10 with my trade-ins. I did not get AppleCare or any accessories at the store, but I am going to get AppleCare, a smart cover, and the Apple Pencil in the coming weeks. I will, of course, write about it and let you know how it all goes.

I have had the iPad for two days now and have been using it as my main machine, to the point of almost not having to interact with my phone at all. I already have some thoughts about it, but I want to use it for a bit more before I share my thoughts on the experience. I will also share some nifty tips and tricks I have found in my readings, and yes, I am the type of person who reads the 400+ page iPad User Guide from Apple.

Learning how to build a website

Building my own desktop PC was a seemingly impossible goal I set for myself in 2012. I had just moved to another town to attend college and I was homesick, sad, and unemployed. I needed a project to focus on.

I knew next to nothing about PC parts. Not to mention the only building experience I had prior to this was messing around with Legos. The Internet is a pretty big place with pretty bad information at every corner, so before I started researching PC parts I had to research how and where to look for information on PC parts. The journey was going to be a long one.

I turned to Reddit and found a wonderful community over at /r/buildapc. It has 1.3 million subscribers at the time of writing. It’s huge. Subreddits have a reputation for getting toxic as they grow in size, but this is not the case here. I love the people over there. They have very useful resources, too. In fact, you can learn most of what you need to know just by reading the material if you are digitally antisocial.

Anyway, long story short: I researched PC building for a couple of months before choosing my parts on PCPartPicker. It’s an incredible website. You absolutely want to use this when you build your PC. Philip, the guy who created it, is a genius. In January of 2013, I had received all my parts and decided to build. I used PCPartPicker’s build videos as a reference and it was a lot of fun.

Fast-forward to 2018. I hit a rough patch: personal problems, lost my job, etc. Not good. I needed a new project to focus on. I decided to once again learn how to build something seemingly impossible: a website. Of course, I was once again facing the same problems I had before. A lot of stuff to read and research. Web hosts, domains, WhoIs, SSL certificates, front end development, back end development, etc. But you know what? It turns out you don’t need to know all of this stuff to start building a website in 2019. Many platforms now offer a WYSIWYG (What You See Is What You Get) editor along with drag & drop functionality. There are dozens of companies to choose from, but I settled on Squarespace for 3 reasons. One, it’s the most popular one within my Internet bubble (podcasters I listen to, YouTubers I watch, and bloggers I read). Two, it’s an all-in-one solution: you can buy the domain from Squarespace, host on Squarespace, and do everything right on Squarespace. They even give you free WhoIs privacy. Three, I had a promo code. Thanks, John Gruber.

This is it. This is the website I’m building. I started on Valentine’s Day, so not long before publishing this blog entry. It would be cliche to say it’s a work in progress, but it’s a work in progress. I’m going to document the process of building a thing inside the thing I am building. I had a lot of fun setting up the first version of the site, and I’m looking forward to learning more. 

If you have tips or simply want to say something, shoot me an email and I’ll read it.

Welcome!

As of 9:00 AM EST on February 19, 2019, my website is online and public! I have been working on it for a few days, and it’s been a lot of fun. More on that in the next blog entry.

The theme of Spinning Beach Ball is LOVE YOUR COMPUTER AGAIN, which is based on the assumption that you hate your computer to begin with. I would say that’s a fair assumption, since computers are the worst. You can expect to read about topics such as Passwords are an archaic security system that should be banished in the shadow realm forever, Paying for email is not a bad idea, Why did you give your email address to the cashier at Sephora?, Internet privacy and why having something to hide does not make you a criminal, and Pay for your next phone up front unless you hate money. And that’s just off the top of my head!

Since you’re already here, why don’t you give us feedback? We would like to hear what you think of the site’s design and interface. We would also like to hear what topics you want us to cover in the future!

Anyway, I’ll keep this intro short. Thanks for checking out the website, and I hope you enjoy it.