My method for secure passwords

Password security is a big deal. This has been said a lot, but it seems to fall on deaf ears. Whenever a password breach occurs, the vast majority of passwords get cracked within the first few hours. This is because people use passwords that are too common and reuse the same passwords on multiple sites.

My method for secure passwords consists of the following:

  • Password manager, KeePass2 is my choice, with a strong master password

  • Dropbox, where I store the keystore file that KeePass2 creates

  • Gmail account, for which I also have a strong password that I have to remember. This is where sites would send the “Forgot password?” emails.

In total, there are really only two passwords I have to remember: the master password of the password manager, and the password for my Gmail account in case I lose access to the Dropbox account. Passwords for everything else are randomly generated, 25+ characters long and stored safely in KeePass.

Why KeePass2

There are a few good alternatives, like LastPass and 1Password. I chose KeePass because it’s free, open source, and available for Linux and Android. It also has an auto-type feature that makes logins really easy.

Why Dropbox

The cloud service you choose is not really important – the password manager’s keystore file is encrypted, so even if the cloud storage is compromised, your passwords would still be safe. Dropbox is the most popular, so it’s not likely it will go down anytime soon. It’s also available for all major platforms.

Why Gmail

Most sites offer a way to recover your account in case you lose your password. This is typically done by sending a confirmation email to the address you used upon registration. Gmail was the obvious choice for me, but you can use whatever email provider you find trustworthy.

The setup

To set this up as I have, register for a Gmail account if you haven’t already (and make sure you enable two-factor authentication), and also register a Dropbox account. Then go ahead and download KeePass2 (it’s available for Windows, Mac, and Linux). After installing KeePass, launch it, create a new keystore, and choose to save it inside your Dropbox folder. Now, you need to pick a strong master password that you can also remember. I recommend writing this down as well, on a piece of paper, and storing it in a secure location. Not on a post-it note next to your computer – treat it like your banking credentials. For picking the password, I suggest using diceware – a few random words combined is better than traditional, short passwords (see the related xkcd comic).

Now, create an entry in your new KeePass keystore for every website you use, and let it generate a strong password for you. It will take a bit of work to change your passwords on all the sites you use, but it’s worth it. At the end, you will have practically uncrackable passwords on every website.

Stop misusing the --assume-unchanged flag!

I frequently see topics on StackOverflow asking how to locally ignore changes to a tracked file, and almost as often I see people recommending git update-index with the --assume-unchanged flag. However, there is a more appropriate way to do this, and it is:

git update-index --skip-worktree <filename>

The problem with --assume-unchanged is that it is meant only for performance improvement. Quoting the official documentation (emphasis mine):

Many operations in Git depend on your filesystem to have an efficient lstat(2) implementation, so that st_mtime information for working tree files can be cheaply checked to see if the file contents have changed from the version recorded in the index file. Unfortunately, some filesystems have inefficient lstat(2). If your filesystem is one of them, you can set “assume unchanged” bit to paths you have not changed to cause Git not to do this check. Note that setting this bit on a path does not mean Git will check the contents of the file to see if it has changed — it makes Git to omit any checking and assume it has not changed. When you make changes to working tree files, you have to explicitly tell Git about it by dropping “assume unchanged” bit, either before or after you modify them.

The --skip-worktree flag works similarly, but it is meant precisely for scenarios where the developer does need to change the file, but just wants Git to ignore it:

When reading an entry, if it is marked as skip-worktree, then Git pretends its working directory version is up to date and read the index version instead.

This Q&A from StackOverflow has two nice answers, the second one explaining thoroughly how these two flags behave in different scenarios. So, the next time you need to locally ignore changes to a tracked file, use --skip-worktree.
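As an added example (not from the original post or from the Git project), the bash script below builds a throwaway repository, shows that both flags hide local edits from git status, and audits the index with git ls-files -v so flagged files can be found and cleared. The file names and the function names make_demo_repo, list_hidden and clear_hidden are made up for the demo.

```shell
#!/usr/bin/env bash
# Added demo: both index flags hide local edits from `git status`;
# `git ls-files -v` exposes them. File and function names are made up.

make_demo_repo() {  # prints the path of a throwaway repo with three edited files
  local repo f
  repo=$(mktemp -d)
  git -C "$repo" init -q >/dev/null
  for f in a.conf b.conf c.conf; do echo "default" > "$repo/$f"; done
  git -C "$repo" add .
  git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false commit -qm "initial" >/dev/null
  git -C "$repo" update-index --assume-unchanged a.conf  # performance hint
  git -C "$repo" update-index --skip-worktree b.conf     # intended local override
  for f in a.conf b.conf c.conf; do echo "local edit" >> "$repo/$f"; done
  echo "$repo"
}

list_hidden() {  # usage: list_hidden <repo>
  # Tags: lowercase letter = assume-unchanged, S = skip-worktree, s = both.
  git -C "$1" ls-files -v | while read -r tag path; do
    case "$tag" in
      S) echo "skip-worktree $path" ;;
      s) echo "skip-worktree+assume-unchanged $path" ;;
      [[:lower:]]) echo "assume-unchanged $path" ;;
    esac
  done
}

clear_hidden() {  # usage: clear_hidden <repo>; drops both flags on flagged files
  list_hidden "$1" | while read -r kind path; do
    # Separate calls keep each flag change unambiguous.
    git -C "$1" update-index --no-assume-unchanged "$path"
    git -C "$1" update-index --no-skip-worktree "$path"
  done
}

repo=$(make_demo_repo)
echo "git status reports:";       git -C "$repo" status --porcelain
echo "hidden by index flags:";    list_hidden "$repo"
clear_hidden "$repo"
echo "after clearing the flags:"; git -C "$repo" status --porcelain
```

All three files are edited, yet git status reports only c.conf until the flags are cleared.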

Raspberry Pi with XBian and RetroPie

After I came across the RetroPie project, I knew I had to try it out. The bad thing was that I did not have an extra SD card available, so I had to install it alongside my existing XBian installation. It turned out to be a rather straightforward process, but there were a couple of caveats, so I decided to write it all out for you. In case you didn’t know, XBian is an awesome media center distribution for Raspberry Pi:

XBian is a small, fast and lightweight media center distribution for the Raspberry Pi, CuBox-i, Hummingboard and many more devices to come. It is based on a minimal Debian and therefore offers much of the same freedom as Debian offers. Our slogan is “XBian, the bleeding edge” as our main focus is delivering the fastest Kodi solution for various small form factor computers.

And RetroPie is a project that makes your Raspberry Pi a retro console, with emulators for practically every console up until the first PlayStation. So, to begin, I’m assuming you have a working installation of XBian – if not, follow the instructions on their website here.

Start by exiting Kodi (the exit option in the shutdown menu) so that you enter the command line (don’t use SSH for this, the installation process takes a long time and you don’t want your session to time out) and install the prerequisites:

sudo apt-get install git lsb-release

After that, you can clone the latest RetroPie version:

git clone --depth=1 https://github.com/RetroPie/RetroPie-Setup.git

This will download the latest version for you. Now, there is a small glitch here that you need to fix manually. XBian has a fixed dependency on an old libcurl package, which is incompatible with RetroPie. After digging around, I found that the solution was to create a file called 01user in /etc/apt/preferences.d/ with the following contents:

Package: libcurl3 curl libcurl3-gnutls
Pin: release o=XBian
Pin-Priority: -1

Package: libcurl3 curl libcurl3-gnutls
Pin: release o=Debian
Pin-Priority: 1001

After creating that file, you can run the RetroPie installer:

cd RetroPie-Setup 
chmod +x retropie_setup.sh 
sudo ./retropie_setup.sh

Running the basic install option will install all the emulators. After that the installation is complete and you can run emulationstation from the command line!

Coming up: how to run emulationstation from Kodi.