<p>I have a new browser setup on my desktop to increase my privacy and convenience. It is divided into two profiles that perform differently based on what I need to do in the moment.</p>
<p>I use Librewolf as my browser. It is a fork of Firefox that is enhanced for privacy without heavily impacting user experience. I divided it into two profiles:</p>
<ol>
<li>Accounts (instances in which I need to login)</li>
<li>Browsing (general website browsing)</li>
</ol>
<p>Let me walk through how each profile is set up.</p>
<p>Firstly, let me talk about common settings between both profiles.</p>
<h3>Common In Both</h3>
<p>On both profiles, I have my settings to optimize my privacy. On Firefox-based browsers, it is very easy to use these settings because most of them have little impact on convenience. I use Brave Search as my search engine and will switch to my own SearX instance when I get a good server. In terms of extensions, I have the 'uBlock Origin' extension installed and set up to block JavaScript and remote fonts by default. I have the default lists along with all the others unchecked by default apart from language lists. I block every single domain from Google, Facebook, Microsoft and other websites which are known for tracking. If a website breaks, I whitelist that website in particular.</p>
<p>In this article, we will discover why it is horrible to keep cryptocurrency on exchanges. If you do not have time to read this article, please stop keeping your cryptocurrencies on exchanges. If you do, your crypto may get stolen or lost. If you are interested in the details, please keep reading.</p>
<p>When you keep cryptocurrencies on exchanges like Coinbase, they have your private keys. Anyone who has your private keys can manage your wallet as if it is their own. They can send, receive and do whatever they want with your wallet. Even if the exchange you are trading on is trusted, <a href="https://www.investopedia.com/terms/m/mt-gox.asp">if they shut down, you will lose your crypto.</a> This happened a few times before and thousands of people lost all of their crypto. This is why exchanges should be used for what they are good at; purchasing crypto. Keep exchanges only for one purpose.</p>
<p>Currently, the whole crypto exchange industry has a severe lack of regulation. The fact that exchanges have your private keys means that <strong>they can freeze your account which would cut off your access to your own crypto.</strong> Governments can request such freezes. This may seem improbable but <a href="https://www.ccn.com/south-koreas-biggest-cryptocurrency-exchange-investigated-by-local-police-market-drops/">it happened in South Korea.</a></p>
<p>Even if the exchange you are trading on is secure, they may store your private keys in plaintext. This happens much more than people think. If this happens, hackers can easily take control of people's wallets and send all the crypto to themselves. If a hack like this happens through Bitcoin, it can at least be tracked. However, many hackers convert their crypto to Monero which cannot be tracked. If this happens, you will never get your money back unless the hacker decides to return the money.</p>
<p>To sum it up, you should never store your crypto on exchanges because you do not own your own crypto. There is little regulation and your account or the exchange can also be hacked. All of these pose serious risks to your crypto. Just get a wallet like Electrum or Monero and start using it.</p>
<p><a href="mailto:sufyaan@counterhawks.com?subject=Keep%20Crypto%20Off%20Exchanges">>>> Reply To Me</a></p>
<p>As mentioned in the title, I have deleted my Discord account. This was obviously not without a reason. There are two reasons due to which I deleted my Discord account:</p>
<ul>
<li>Privacy</li>
<li>Lack of Use</li>
</ul>
<p>The most prominent reason is privacy but lack of use compelled me to actually take the plunge and delete my Discord account.</p>
<p>Discord is a hellhole for your privacy. Avoid it at all costs. In this section, I will show you the various things that Discord tracks.</p>
<h3>DISCORD'S HISTORY</h3>
@ -91,9 +91,9 @@
</ol>
<h3>ALL IN ALL...</h3>
<p>... this is not all that Discord does. If we know that Discord does all of this, there is obviously more that they are doing that we do not know. You should always assume closed-source pieces of software are tracking you and sending your information to a third-party.</p>
<p>I was not using Discord anymore so I deleted it. The reason is that my previous account got banned for botting when I did not do anything. I made a new account, chatted with three or four of my friends. Afterwards, the CounterHawks Discord server got banned. Due to this, I realized there is no use for my account and that there is no reason for me to support Discord.</p>
<p>I do not use Discord anymore and probably never will. Previously, it was difficult to delete my Discord account but Discord themselves have done all the hard work for me.</p>
<h1>Do It Yourself</h1>
<p style="font-size:110%">Posted on: <strong>19 May 2023</strong></p><p style="font-size:110%">Reading time: <strong>2 min</strong></p><p style="font-size:110%">Category: <a style="color:#ff79c6" href="../blog/software/"><strong>Software</strong></a></p>
<p>With regards to technology, the average person would rather buy a new computer when their WiFi stops working instead of taking it to a repair shop or fixing it themselves. They would rather buy a new smartphone when their screen cracks than repair it. They would also rather buy a device because of its looks and arbitrary specifications than one specific to their use case and their interests. They focus on the marketing of a company and become 'fanboys' of a specific company, buying nothing but their products, stating that the company in question makes the best products in the world. Self-servicing and repairability are not even factors in their decision to buy a device.
</p>
<p>As an example, a plethora of technology enthusiasts still buy <a style="color:#50fa7b" href="../definitions/thinkpad">ThinkPads</a> to this day. When others look at <a style="color:#50fa7b" href="../definitions/thinkpad">ThinkPads</a>, they think whoever buys them is not making a good decision. They think <a style="color:#50fa7b" href="../definitions/thinkpad">ThinkPads</a> look ugly. They do not focus on the usability of a device. <a style="color:#50fa7b" href="../definitions/thinkpad">ThinkPads</a> are used because of their durability, repairability, fast performance, and more. The fact that they are made for businesses means that there is no profit for Lenovo in letting a ThinkPad break early. Instead, they earn money by selling long-lasting and durable devices that last individuals for years on end.</p>
<p>Instead of buying ThinkPads that <em>function</em> amazingly, people go for looks that <em>impress</em> amazingly. A computer is a device designed to perform computation. If you are shelling out a lot of money, you should have a device that performs fast and can be repaired by you.</p>
<p>What I have realized is that you should 'do it yourself' as much as possible. This is why my computer is custom-built. Had I bought a <a style="color:#50fa7b" href="../definitions/pre-built-computers/">pre-built computer,</a> I would have never known what was inside my computer. This is tedious on smartphones since they are becoming more and more locked down. <a style="color:#50fa7b" href="../definitions/linux-phones"><strong>Linux</strong> phones</a> are alternatives but they are not great as of 2023. I hope they become mainstream soon because I want to buy one.</p>
<p>Doing it yourself also helps in terms of software. I used to flash custom ROMs on my old phone and used <a style="color:#50fa7b" href="../definitions/lineageos">LineageOS</a> extensively. Now, I use <a style="color:#50fa7b" href="../definitions/arch-linux">Arch <strong>Linux</strong></a> on my computer, which is a <a style="color:#50fa7b" href="../definitions/linux-distribution"><strong>Linux</strong> distribution</a> that is basically barebones. It has only the packages required to boot up. Everything else is done by you. The advantage of an <a style="color:#50fa7b" href="../definitions/operating-system">operating system</a> like this is that you know what runs on your system and there is minimal resource usage. If there is an issue, you can easily find out which program it is from and fix it immediately after gaining knowledge.</p>
<p>You should try to 'do it yourself'. Take control of your hardware and software and know what you are running. It will not only be cheaper, but it will make it easier to fix issues and learn about computing and technology in the long run.</p>
<p><a href="mailto:sufyaan@counterhawks.com?subject=Do%20It%20Yourself">>>> Reply To Me</a></p>
<p>Sudo. It is often used by <strong>Linux</strong> users to perform commands with root privileges instead of being in a root shell all the time. However, <a href="https://access.redhat.com/security/cve/CVE-2023-22809">there has recently been a vulnerability in sudo due to which people are switching to doas.</a></p>
<p>OpenDoas or Doas is a portable version of the doas utility that is used on OpenBSD. OpenDoas can be installed on Unix-like systems, which includes <strong>Linux</strong>. It is designed to be more minimal and has fewer configuration options than sudo. If you are on a personal computer, then I highly recommend you switch to doas because it has a much smaller codebase which leaves less room for error.</p>
<p>However, if you are part of a professional environment with many individuals needing to use sudo, I recommend staying with sudo because it offers more configuration options to be used for groups and users.</p>
<p>Doas is available on almost all major distributions. If your distribution is Debian-based (Ubuntu, <strong>Linux</strong> Mint, Zorin OS), simply type:</p>
<p><code>sudo apt install doas</code></p>
<p>If you run an Arch-based system (Artix, Arco, Endeavour, Manjaro), type:</p>
@ -35,20 +35,20 @@
<p>If you use RHEL-based systems (Fedora, CentOS), type:</p>
<p><code>sudo dnf install opendoas</code></p>
<p>Doas should now be installed but it will not work out of the box. There is one line that we need to add to the configuration file.</p>
<p>You have to configure doas as it is not included in most distributions by default but do not fret! One of its plus points is that its configuration is much better than sudo's.</p>
<p>To begin, edit the /etc/doas.conf file as root.</p>
<p>If you are the only user on your system and do not plan to allow other users to use your system, this line will suffice.</p>
<p><code>permit persist username as root</code></p>
<p>Many distributions have a group (wheel, sudoers) that is allowed to run sudo commands. If you would like to allow that group to send commands as root, type this:</p>
<p>If you are the only person on your <strong>Linux</strong> machine, you should switch to doas. It is much more lightweight and is similar to sudo. It has a smaller codebase which, in my opinion, prevents exploits from popping up as often as sudo.</p>
<p>However, if you are in a professional environment, you should stick with sudo.</p>
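<p>As an added example (not part of the original post, and not code from the OpenDoas project), the following Python script audits a candidate <code>doas.conf</code> before it is installed. It assumes the rule grammar documented in doas.conf(5); the finding codes, the sample rules and the user names in them are constructed for illustration.</p>

```python
"""Audit doas.conf rules before installing them (added example)."""
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

OPTIONS = {"nopass", "nolog", "persist", "keepenv", "setenv"}  # per doas.conf(5)

MESSAGES = {  # finding codes are hypothetical names chosen for this example
    "SYNTAX": "line is not a valid permit/deny rule",
    "NOPASS_ROOT": "nopass grants root for any command without a password",
    "ANY_TARGET": "no 'as' target: rule applies to every target user",
    "GROUP_ROOT": "every member of this group gets unrestricted root",
    "KEEPENV": "keepenv passes the caller's environment to the root process",
    "RELATIVE_CMD": "cmd is not an absolute path",
}

@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    options: List[str]
    identity: str               # "user" or ":group"
    target: Optional[str]       # None = any target user
    cmd: Optional[str]          # None = any command
    args: Optional[List[str]]   # None = any arguments

def parse_rule(line: str) -> Optional[Rule]:
    """Parse one line; None for blank/comment lines, ValueError if malformed."""
    # Simplification: braces become their own tokens even inside quotes.
    spaced = line.replace("{", " { ").replace("}", " } ")
    tokens = shlex.split(spaced, comments=True)
    if not tokens:
        return None
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError("rule must start with permit or deny")
    options = []
    while tokens and tokens[0] in OPTIONS:
        opt = tokens.pop(0)
        options.append(opt)
        if opt == "setenv":  # setenv { VAR=value ... }
            if not tokens or tokens[0] != "{" or "}" not in tokens:
                raise ValueError("setenv needs a { ... } block")
            del tokens[: tokens.index("}") + 1]
    if not tokens:
        raise ValueError("missing identity")
    identity = tokens.pop(0)
    target = cmd = args = None
    if tokens[:1] == ["as"]:
        if len(tokens) < 2:
            raise ValueError("'as' needs a target user")
        target, tokens = tokens[1], tokens[2:]
    if tokens[:1] == ["cmd"]:
        if len(tokens) < 2:
            raise ValueError("'cmd' needs a command")
        cmd, tokens = tokens[1], tokens[2:]
        if tokens[:1] == ["args"]:
            args, tokens = tokens[1:], []
    if tokens:
        raise ValueError("unexpected token: " + tokens[0])
    return Rule(action, options, identity, target, cmd, args)

def audit(text: str) -> List[Tuple[int, str]]:
    """Return (line number, finding code) pairs for a doas.conf text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        try:
            rule = parse_rule(raw)
        except ValueError:
            findings.append((line_no, "SYNTAX"))
            continue
        if rule is None or rule.action == "deny":
            continue
        # With no 'as' clause the rule covers all target users, root included.
        unrestricted_root = rule.target in (None, "root") and rule.cmd is None
        if rule.target is None:
            findings.append((line_no, "ANY_TARGET"))
        if "nopass" in rule.options and unrestricted_root:
            findings.append((line_no, "NOPASS_ROOT"))
        if rule.identity.startswith(":") and unrestricted_root:
            findings.append((line_no, "GROUP_ROOT"))
        if "keepenv" in rule.options:
            findings.append((line_no, "KEEPENV"))
        if rule.cmd is not None and not rule.cmd.startswith("/"):
            findings.append((line_no, "RELATIVE_CMD"))
    return findings

SAMPLE = """\
# constructed sample rules, not taken from a real system
permit persist alice as root
permit persist :wheel
permit nopass keepenv bob as root
permit nopass alice as root cmd /usr/bin/apt args update
permit carol as root cmd reboot
allow dave
"""

if __name__ == "__main__":
    for line_no, code in audit(SAMPLE):
        print(f"line {line_no}: {code}: {MESSAGES[code]}")
```

<p>Running <code>doas -C /etc/doas.conf</code> checks the syntax with doas's own parser; the script above adds policy checks on top of that.</p>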
<p><a href="mailto:sufyaan@counterhawks.com?subject=Use%20Doas%20Instead%20Of%20Sudo">>>> Reply To Me</a></p>
<p>In this article, I will show you how to encrypt emails. You can encrypt emails on almost any device. In this article, however, I will be focusing on Gmail, Outlook, Yahoo. I will also be focusing on making ProtonMail encrypt emails with Gmail.</p>
<p>Firstly, let us dispel a few myths. The first myth is a big one.</p>
<h3>Gmail's Confidential mode does not encrypt your emails</h3>
<p>Yes, you heard that right. Gmail's confidential mode does not encrypt your emails. Whenever I speak about email encryption, I hear something along the lines of:</p>
@ -32,7 +32,7 @@
<h3>ProtonMail does not encrypt emails sent to non-ProtonMail users</h3>
<p>This is also a huge myth. ProtonMail encrypts emails sent to other ProtonMail users. However, they do not encrypt emails sent to or received from non-ProtonMail users. It collects less data about you and it stores your emails with encryption on their servers but the email itself is not encrypted on the other person's end.</p>
<p>Encryption for non-ProtonMail users works on a user-to-user basis. You have to have the encryption keys of the other person if they are a non-ProtonMail user and they also have to encrypt their emails manually. We will learn how to do this in this guide.</p>
<p>Encrypting your emails online is a simple process.</p>
<h3>Step 1: Get the Mailvelope extension</h3>
<p><a href="https://mailvelope.com/">Mailvelope is a free, libre and open-source browser extension</a> which allows you to not only encrypt emails using public keys but also has a keyserver which has a list of other people who use Mailvelope. Emails sent to other people using Mailvelope will automatically be encrypted.</p>
@ -44,7 +44,7 @@
<h3>Step 4: Send encrypted emails!</h3>
<p>Whenever you go to compose an email, there will be a button like the image below. Just click on it and there will be a popup to compose your encrypted email. Just fill in the info and send your email!</p>
<div style="text-align:center"><img src="mailvelope-2.webp" alt="Mailvelope Icon to send encrypted emails"></div>
<p>Firstly, I would like to give a disclaimer. There is no way to use PGP encryption on iOS. Most encryption that is used on iOS is either paid or unavailable. On Android, you cannot encrypt emails using the native applications for Gmail, Outlook or Yahoo. Even if there is such a feature, you should not use their official clients due to their invasive tracking. To encrypt emails, we will use an email app called K-9 Mail. I believe that everyone should use K-9 Mail even if they are not encrypting their emails. It is a fantastic app.</p>
<p>K-9 Mail is a free and open-source email app that has a lot of features. I believe that no one should be writing emails on their phones but it is a great app to have just to make sure there is nothing urgent in your inbox.</p>
<h3>Step 1: Get the app</h3>
@ -58,7 +58,7 @@
<h3>Step 5: Setup K-9 Mail</h3>
<p>Go back to K-9 Mail, go to settings, go to your account that you added, go to end-to-end encryption and enable it. Select your key. Turn on autocrypt mutual mode. That is it! You should see a lock icon whenever you are sending an email to someone if you have their PGP public key. If you need to import more keys, just go to the OpenKeychain app and import them.</p>
<div style="text-align:center"><img src="k9-encryption.webp" alt="Composing an encrypted email in K-9 Mail"></div>
<p>You can now send these keys to anyone to import into their PGP keychain. They will then be able to encrypt emails when sending them to your ProtonMail address!</p>
<p>That is it! You have set up encryption on your emails. This is a great step as email itself is very insecure, so this will boost your privacy and security by a lot. Sharing passwords through email has never been safe but encryption allows you to do it with a good range of security.</p>
<p><a href="mailto:sufyaan@counterhawks.com?subject=How%20To%20Encrypt%20Emails">>>> Reply To Me</a></p>
<p style="font-size:110%">Posted on: <strong>1 June 2023</strong></p><p style="font-size:110%">Reading time: <strong>2 min</strong></p><p style="font-size:110%">Category: <a style="color:#ff79c6" href="../blog/software/"><strong>Software</strong></a></p>
<p>I just started using <a href="https://ffmpeg.org/">FFmpeg</a>... and it is <strong>AMAZING!</strong> When I say amazing, I really mean amazing.</p>
<p>For those of you who do not know what FFmpeg is, it is basically a command-line application that can be installed on all platforms that is basically the Swiss army knife of videos, audio files and images. It merges almost every single codec, encoders and decoders, filters and more in a single application allowing for fast access and modularity.</p>
<p>FFmpeg is one of those tools which have impacted your life without you realising it. Whenever you watch a movie, show or any piece of edited or converted content, there is an extremely high chance that FFmpeg was involved.</p>
<p>You may say:</p><p><em>"Bu.. But I use a video editor and online file converters! Those are not FFmpeg!"</em></p>
<p>Most file converters and video editors use at least some FFmpeg. Many websites like YouTube and WhatsApp use FFmpeg directly when they need to compress a video.</p>
<p>The reason I switched is because of its versatility. You can create a single command to record your screen in lossless quality, save the original file in '.mov', the audio in '.mp3' format in another folder, encode a '.mp4' file, transcode it to be played on Android and trim a specific part of the video and send it to a server that you own.</p>
<p>FFmpeg is a difficult program to learn but the rewards are worth it. I currently have a command that records my screen, converts the audio in the recording from stereo to mono and finally encodes it in <a style="color:#50fa7b" href="../definitions/h264">H.264</a> for ultimate compatibility.</p>
<p style="font-size:110%">Posted on: <strong>27 May 2023</strong></p><p style="font-size:110%">Reading time: <strong>3 min</strong></p><p style="font-size:110%">Category: <a style="color:#ff79c6" href="../blog/software/"><strong>Software</strong></a></p>
<p>If you are a developer, programmer or a coder who works with open-source software, you must have clicked this post in shock. First off, I would like to state that I am not telling everyone to stop making open-source software. What I am trying to say is that GitHub is one of the worst <a style="color:#50fa7b" href="../definitions/git">Git</a> platforms to host your projects. We will cover why in this post.</p>
<p>Simply put, GitHub uses <a style="color:#50fa7b" href="../definitions/non-free">non-free</a> software and <a style="color:#50fa7b" href="../definitions/non-free">non-free</a> JavaScript on their website. It is shockingly ironic that the biggest open-source platform for anyone to use is itself a proprietary piece of software. It is also centralised, for-profit and politically active, which are all completely against free, libre and open-source software. These factors make it similar to SourceForge, which was abandoned by most of its users because of this very reason.</p>
<p>If everyone stops using GitHub and moves to better alternatives like <a href="https://codeberg.org/">Codeberg</a>, <a href="https://gitlab.com/">GitLab</a> or even a <a style="color:#50fa7b" href="../definitions/self-host">self-hosted</a> <a style="color:#50fa7b" href="../definitions/git">Git</a> instance, then GitHub will fall. Many people may be seething at me suggesting <a href="https://gitlab.com/">GitLab</a>, but the truth is that <a href="https://gitlab.com/">GitLab</a> is still open-source and uses free JavaScript instead of <a style="color:#50fa7b" href="../definitions/non-free">non-free</a> JavaScript on their website. It is certainly not the best option, but it is miles ahead of GitHub.</p>
<p><a href="https://codeberg.org/">Codeberg</a> is entirely <a style="color:#50fa7b" href="../definitions/free-software">free software</a> and it is a great option for most people. It works in a similar way to GitHub so it is trivial for individuals to migrate. <a href="https://sr.ht/">SourceHut</a> is also amazing. It is just as good as GitHub and much better for your rights. Self-hosting a <a href="https://forgejo.org/">Forgejo</a> or <a href="https://gitea.io/">Gitea</a> instance is one of the best options as it offers complete independence. <a style="color:#50fa7b" href="../definitions/git">Git</a> is the underlying technology which anyone can use. Therefore, everyone should be independent in using it.</p>
<p>This is the reason I have a website. Everyone should have a website as it gives you independence on the web.</p>
<p>Microsoft's strategy against open-source has always been to embrace, extend and extinguish. They have tried to do it before with <strong>Linux</strong> when it was being popularized among developers. Now, they are using Copilot to do so, which is an AI tool that can autocomplete code for you. The main issue with it is that they trained it all on open-source code without giving any credit to the original developers. GitHub's Copilot is now being used to help code for-profit and closed-source programs.</p>
<p>Essentially, this results in open-source programs being used to grow closed-source programs.</p>
<p>Microsoft and GitHub's multiple CEOs have kept on speaking negatively about copyleft. This includes GitHub's founder and former CEO. <a href="https://www.youtube.com/watch?v=-bAAlPXB2-c">Their OSCON keynote was meant for attacking copyleft and the GPL, trying to discourage the use of free software.</a> Instead, they suggest the MIT license using which many megacorporations exploit people's code without any credit.</p>
<p>There are many people who suggest using alternatives to products offered by big corporations and they are mostly right. Big corporations are able to give you free products because they profit off of your data. They are not trying to be kind.</p>
<p>For example, look at Google. They offer a search engine, documents storage, free email, cloud storage, a video site with billions of videos, a meeting platform and much more. They are not doing this to help people. They are doing this to harvest your data and sell it to the highest bidder.</p>
<p>Microsoft? Windows, Xbox and GitHub are not tools offered out of their sympathy towards you. All of it is for their own profit, whether it be collecting your data in Windows or preventing distribution of truly <a style="color:#50fa7b" href="../definitions/free-software">free software</a> on GitHub.</p>
<p>GitHub is perhaps the only Git platform that has no option to <a style="color:#50fa7b" href="../definitions/self-host">self-host</a>. You do not know what is running on their servers and cannot know what is happening with your code.</p>
<p>Please don't use GitHub. Just use alternatives or self-host it. GitHub does have a lot of projects but if you use it, it brings them closer towards extinguishing open-source.</p>
<p><a href="mailto:sufyaan@counterhawks.com?subject=Don't%20Use%20GitHub">>>> Reply To Me</a></p>
<h1>Instagram Deleted!</h1><p style="font-size:110%">Posted on: <strong>7 May 2023</strong></p><p style="font-size:110%">Reading time: <strong>Less than 1 min</strong></p><p style="font-size:110%">Category: <a style="color:#ff79c6" href="../blog/software/"><strong>Software</strong></a></p>
<p>This post is to inform you that the grace period for the deletion of my public Instagram account has been completed. My Instagram account has been deleted... forever. I highly recommend you do it too. Read <a style="color:#bd93f9" href="../sm">this post</a> for more information.</p>
<p><a href="mailto:sufyaan@counterhawks.com?subject=Instagram%20Deleted!">>>> Reply To Me</a></p>
<hr/>
<h1>Open-Source Islam Apps?</h1>
<p style="font-size:110%">Posted on: <strong>2 July 2023</strong></p><p style="font-size:110%">Reading time: <strong>3 min</strong></p><p style="font-size:110%">Category: <a style="color:#ff79c6" href="../blog/software/"><strong>Software</strong></a></p>
<p>I have tried finding open-source and <a href="../definitions/free-software/" style="color:#50fa7b">free</a> Islamic apps for a long time and it is tiring to do so. Most of the apps are Quran and prayer time apps which are perfect but we do not have apps for other parts of Islam like hadeeths, duas and even Qibla locating. If I do run across an app, its last update is always more than five years ago which is not ideal. There are two Islamic apps that I use on a daily basis that I absolutely love and will never switch from:</p>
<p style="font-size:110%">Posted on: <strong>23 June 2023</strong></p><p style="font-size:110%">Reading time: <strong>2 min</strong></p><p style="font-size:110%">Category: <a style="color:#ff79c6" href="../blog/software/"><strong>Software</strong></a></p>
<p>I have decided to switch from a self-hosted Vaultwarden (Bitwarden) instance to using KeePass along with Syncthing to sync it to all my devices. There are numerous reasons why I decided to make this change.</p>
<p>The offline nature of KeePass makes it so that it is nearly impossible to crack. Connecting things to the internet makes it trivial for a script kiddie thousands of kilometers away from you to attempt to crack your passwords. A password manager is a place where all of your passwords are stored. Due to this very reason, I decided to upgrade my security by moving to a reputed piece of software.</p>
<p>The encryption algorithm used for your password database is AES-256, commonly known as 256-bit encryption. It is a form of encryption that is so difficult to crack that the only way you can actually hope to obtain someone's password is by phishing them or using external methods. For more information, please <a href="https://invidious.tiekoetter.com/watch?v=S9JGmA5_unY">watch this video by 3Blue1Brown.</a> It is extremely interesting.</p>
<p>In fact, KeePass is so secure that even the passwords that are stored in your memory while you are viewing your database are encrypted. That way, even a <a href='../definitions/management-engine' style='color:#50fa7b'>management engine</a> attack will not work. If you want to try viewing the cleared memory sectors to find remnants of your passwords, good luck. The passwords which are stored in your memory are first overwritten to the point of unrecoverability before being cleared.</p>
<p>You can even set up a keyfile (a file you need to use to login), a <a href='../definitions/security-key/' style='color:#50fa7b'>security key</a>, or both.</p>
<p>KeePass is open-source under the GPLv2 license, which is the best open-source license for people's freedom. That makes it <a href='../definitions/free-software/' style='color:#50fa7b'>free software</a>.</p>
<p>Along with KeePass, I use Syncthing to sync my database. Syncthing also uses cryptographic encryption. This makes it so that anyone who wants to brute-force my database needs access to both my Syncthing password and my KeePass password.</p>
<p>I use KeePass along with Syncthing for three reasons.</p>
<ol>
<li>KeePass is extremely secure. It has industry-standard protection methods and algorithms and its offline nature makes it practically uncrackable.</li>
<hr/>
<h1>Keep It Minimal</h1>
<p style="font-size:110%">Posted on: <strong>27 June 2023</strong></p><p style="font-size:110%">Reading time: <strong>3 min</strong></p><p style="font-size:110%">Category: <a style="color:#ff79c6" href="../blog/software/"><strong>Software</strong></a></p>
<p>In technology, you should keep it simple as much as possible. The KISS philosophy and the <a href="../definitions/unix-philosophy/" style="color:#50fa7b">UNIX philosophy</a> especially must be followed if you want quality software. Most pieces of famous software nowadays do not follow this guideline and it is costing millions of people dearly.</p>
<p>Minimal software can be extensible as per the <a href="../definitions/unix-philosophy/" style="color:#50fa7b">UNIX philosophy</a>. Instead of creating a massive program that tries to do everything, minimalist programs create modules for certain functions. This makes troubleshooting a piece of cake as the initial confusion of finding out what exactly causes the error is practically eliminated. For example, if you are making a login page and the authentication does not work, you know that you should look in the authentication module. However, if you make it all in a single program, it is difficult to root out whether an issue is due to an incorrect variable type or a redundant function.</p>
<p>All of this helps developers to avoid complications. No team wants another error or speed complaint in the middle of another issue. All of the advantages listed thus far help developers have peace of mind.</p>
<p>Finally, minimal pieces of software can be liberated and made into <a href="../definitions/free-software/" style="color:#50fa7b">free software</a> to contribute to the world. Once the initial stages of bug-fixing and optimization are over, it is just a matter of letting the world find ways to make the program better. An inefficiency that no one would spot otherwise can be ironed out by a top-tier programmer who worked in a plethora of huge companies with decades of experience. It also helps budding developers learn about development.</p>
<p>To sum it up, everyone should use and develop minimal software if possible. This is because minimal software is easier to maintain, debug and optimize due to its smaller codebase. It also runs fast on all devices and avoids complications during development time. Minimal software can also be liberated into <a href="../definitions/free-software/" style="color:#50fa7b">free software</a> which will allow talented developers to review the program and contribute to the world.</p>
<p><a href="mailto:sufyaan@counterhawks.com?subject=Keep%20It%20Minimal">>>> Reply To Me</a></p>
<p>If you find it difficult to maintain strong passwords, then this guide is the only article you need to refer to. In this article, I will talk about an amazing trick to remember and manage all of your passwords.</p>
<p>It goes without saying that passwords are incredibly important. It is undeniably important to make sure your passwords are:</p>
<ul>
<li>Strong</li>
@ -37,7 +37,7 @@
<p>The most common response I hear from people when I ask them to create a password system is:</p>
<p><em>"I think using the same password on all accounts is better because I don't have a good memory to use a password system."</em></p>
<p>That response always baffles me. The whole point of a password system is not to remember your passwords but to remember a ruleset that will be cemented into your brain after 3 or 4 times of entering your passwords.</p>
<p>As aforementioned, a password system is a set of rules that you need to remember instead of all of your passwords separately. An effective password system consists of the following elements:</p>
<ul>
<li>Master Password</li>
@ -82,7 +82,7 @@
<p>The password above is 33 characters, yes 33 characters long. No one will be able to guess it and it will take hundreds of centuries to crack. Best of all, it is different for each account.</p>
<p>You can mix the order up. Just make sure you don't keep changing the system and use one system. The best part is that if you need to change your passwords, you can just make another system that will work just as well. By that point, the previous system will be embedded into your brain. So, you can remember multiple strong passwords using this step.</p>
<p>Please note that this is not enough. If you have followed this guide, you have taken a massive step towards protecting your accounts. However, many cybercriminals rely on phishing attacks. Please do not click on random links and please do not enter your information on random websites.</p>
<p>I know how you felt reading the title. If you are a heavy social media user, you probably said:</p><p><em>"What? Who in their right mind would delete their social media accounts? How are they supposed to live life and talk to their friends?"</em></p><p>Don't worry. That was me last year. I understand your feelings. However, the disadvantages of social media and the perks of deleting it far outweigh its benefits. In this post, I will go over the reasons why you should delete all of your social media.</p>
<p>A study counted 5 billion internet users and it was concluded that, on average, <a href="https://www.forbesindia.com/article/lifes/how-much-time-do-people-spend-on-social-media-and-why/79477/1">an internet user spends 6 hours and 53 minutes online per day.</a> 6. HOURS. AND. 53. MINUTES. That is almost a whole third of people's daily lives. Another study concluded that people spend more time on social media in their whole lifetime than grooming, socialising (social media != socialising) and doing the laundry combined.</p>
<p>It is not as if any of the time spent is valuable. Sure, you may learn one or two 'fun facts', which will make you think that you need social media. You may talk with your friends a lot, which will make you think that your account is required to socialise with people. However, these are all nonsensical excuses that your brain makes to justify getting cheap dopamine. Imagine how much work you can get done, how many actual connections you can make with people, and how many good habits can be formed that will make you happier in the long term than social media.</p>
@ -97,7 +97,7 @@
<p>Many individuals who use social media are experiencing these problems, which are usually experienced by older people, at ages like 25.</p>
<h3 id="productivity">Horrible Productivity</h3>
<p>When you are working and are in the zone (a phase in which you do high-quality work without even thinking about it), any minor disturbance will move you out of that state. A notification about someone liking your post can shake you out of the zone. In the long term, this will waste hours of your time.</p>
<p>So, you are ready. You want to quit social media and break this horrible addiction. You realise the effects it has on your life. However, you do not know where to start. If this is the case, check out <a href="https://www.staygrounded.online/p/the-air-method-phase-i">'The AIR Method'</a>. If you would like to read how I did it, please refer to the steps below. Referring to the steps I took may help you understand your weak points and how to combat them.</p>
<h3 id="contact">1. Alternative Contact Details</h3>
<p>Make a list of all of your friends and cross out the ones that you know can be reached on other chat applications. Ask the rest for alternative contact methods. This may be through apps like Signal, Session, XMPP, Matrix, or WhatsApp. Just make sure that it is not another social media app.</p>
@ -120,7 +120,7 @@
<li>Immediately delete all records of the password and restart your device to clear it from your clipboard</li>
</ol>
<p>These steps were drastic but they practically cemented the fact that my account was going to be deleted, no matter what.</p>
<p>There is not much left to say. I am much, much happier without social media. I have more time on my hands and I am still getting the information I want from RSS feeds without an algorithm trying to pull me in. Big corporations have much less data about me, I have a lot of time and have produced a lot of work. In terms of academics, my overall percentage in school has increased by over 20%. I find difficult subjects easier and easy subjects a piece of cake.</p>
<p>All in all, if you care about yourself, delete your social media. It is a hellhole that is getting worse by the day.</p>
<p><a href="mailto:sufyaan@counterhawks.com?subject=Stop%20Using%20Social%20Media">>>> Reply To Me</a></p>
<p><em>“Ah, yes. Graphical-user interface (GUI) apps. They are so comfortable and easy to use. You just click some buttons and get your computer to do what you want.”</em></p>
<p>That was what I thought before I learned how spectacular terminal applications are. <strong>I do not use a calendar or email GUI app. I use its terminal equivalent.</strong> Specifically, I use Calcurse for my calendar/todo, neomutt for my email, sxiv for my image viewing, mpv for my video playing and even Joplin (CLI) for my notes. I am still actively looking for more apps like terminal file managers (lf, ranger, mc) and terminal versions of GUI apps I use (Bitwarden?). What compelled me to switch?</p>
<h1>Start Using 2FA Properly</h1>
<p style="font-size:110%">Posted on: <strong>13 May 2023</strong></p>
<p style="font-size:110%">Reading time: <strong>3 min</strong></p>
<p style="font-size:110%">Category: <a style="color:#ff79c6" href="../blog/software/"><strong>Software</strong></a> &amp;&amp; <a style="color:#ff79c6" href="../blog/guides/"><strong>Guides</strong></a></p>
<p>If you use any online account, you should use 2FA keys. It does not matter if it is your Google account that has all of your personal information or if it is some random account you use once in a while. You should at least have 2FA enabled in an authenticator app or preferably a 2FA key. Do not use SMS.</p>
<p>Why buy a 2FA key when you can use 2FA codes or SMS for free? Let us start with SMS.</p>
<p>SMS is inherently insecure. It is not encrypted, and your SIM card is always susceptible to SIM swap attacks. A SIM swap attack is a type of identity theft where a cybercriminal pretends to be you and asks for your number to be switched to a SIM card in their possession. They do this by claiming that their phone was lost or stolen. Most employees working for mobile networks speak with hundreds of people a day. They cannot differentiate people's voices. Even with a small amount of voice modulation, almost anyone can trick them into thinking it's you.
</p>
<p>After gaining possession of your SIM card, the cybercriminal goes to your online accounts and tries to reset your passwords. If they already have your passwords, they may try to log in using your phone number and the 2FA code received through SMS. This may seem rare, and it may also seem like it does not work on most people. However, in 2019, <a href="https://www.nytimes.com/2019/09/05/technology/sim-swap-jack-dorsey-hack.html">Jack Dorsey's (the former CEO of Twitter) account got hacked using this exact method.</a></p>
<p>As commonly said by many privacy and security professionals, you are only as secure as your weakest link. Make sure your weakest link is not SMS.</p>
<p>An authenticator app is much better than SMS-based 2FA. This is because authenticator apps usually follow the TOTP or HOTP standard, which is very secure. TOTP uses a secret key along with the current time to create a unique code that changes every thirty seconds.</p>
<p>One thing that you should absolutely not do is use Google Authenticator, Microsoft Authenticator, Authy or anything similar. This is because the clients are closed-source, which means that the code is not public. This means that they could be doing anything with your 2FA secret keys. Authy syncs your codes, which is convenient, but it does not allow you to export your keys, just like other proprietary authentication apps. This is unethical as you should have complete control over what is required to access your own accounts. If your Authy account gets disabled, you will no longer be able to log in to most accounts. A much better alternative is:</p>
<p>You should also be taking frequent <strong>encrypted backups</strong> of not only your 2FA codes, but all data that is important to you. Read <a style="color:#bd93f9" href="../backups/">this post</a> to learn how to take encrypted backups properly. Remember, you should keep your backups as far away from other people's hands as possible. If they have your secret keys, they have your 2FA codes.</p>
<p>Security keys are the best form of two-factor authentication. They are physical keys which need to be plugged in to your computer or smartphone in order to be used. They use NFC, USB-C, USB-A and also the Lightning port. This 2FA method makes it so that it does not matter which person gets your credentials because they need access to your key physically in order to log in. One drawback of this method is that, if you lose your key, you cannot log in to your accounts. This is why people buy 2 or 3 as a backup. It should be noted that, although other methods can be used alongside <a style="color:#50fa7b" href="../definitions/security-key">security keys</a>, this is not recommended, because a cybercriminal can simply use one of the other insecure methods and bypass your <a style="color:#50fa7b" href="../definitions/security-key">security key</a>.</p>
<p>I recommend <a href="https://www.yubico.com/">Yubico</a> and <a href="https://shop.nitrokey.com/shop/product/nkfi2-nitrokey-fido2-55">NitroKey</a> <a style="color:#50fa7b" href="../definitions/security-key">security keys</a>.</p>
<p>If there is one thing you take away from this post, it is to make 2FA your baseline security protocol. Use 2FA for <strong>every account that has it.</strong> Do not use SMS; use authenticator apps. If possible, spend money on three <a style="color:#50fa7b" href="../definitions/security-key">security keys</a>.</p>
<p><a href="mailto:sufyaan@counterhawks.com?subject=Start%20Using%202FA%20Properly">>>> Reply To Me</a></p>
<p>You should only buy metal USBs because they last longer. Metal USBs should be used for everything that a USB is used for. First, let me clarify what USBs are supposed to be used for:</p>