diff --git a/ask/index.html b/ask/index.html index 2a243dc..f87bde3 100644 --- a/ask/index.html +++ b/ask/index.html @@ -18,6 +18,9 @@

sf.me > Blog > Use AnySoftKeyboard

Use AnySoftKeyboard

+

Posted on: 22 September 2023

Reading time: 3 min

Category: Software

Your smartphone keyboard is an astoundingly sensitive piece of software. You use it to type everything from the most innocent of messages to the most crucial passwords. In terms of messaging on encrypted chat applications like Session or Signal, your smartphone keyboard bypasses encryption. They could know what you are searching about even on private search engines like SearX. This is because your keystrokes are unencrypted. With respect to passwords, your smartphone keyboard, if invasive, can potentially view your bank account details. This means that an individual who can access your smartphone keyboard does not need to utilize advanced techniques to view your data. Therefore, in terms of trust, you should make sure you absolutely trust your smartphone keyboard not to store your written text.

When you keep the above statements in mind, it gets unhealthily fear-inducing when you read how SwiftKey had a cloud syncing glitch which led to users being able to view other users' email addresses. It is also scary how SwiftKey that shipped by default on 600M Samsung Galaxy smartphones had a vulnerability that allowed hackers to setup a proxy server to access sensors and install apps without the user knowing. There was also a keyboard called ai.type that had over 40M users. Out of these, 31M users had their data leaked because the MongoDB database had no password. This included information like phone numbers, full names, device names and models, screen resolution, Android version, IMSI and IMEI numbers, email addresses, country of residence, social media profiles, IP addresses and even locations.

diff --git a/ask/voiceover.mp3 b/ask/voiceover.mp3 new file mode 100644 index 0000000..0e50d74 Binary files /dev/null and b/ask/voiceover.mp3 differ diff --git a/crypto/index.html b/crypto/index.html index 18cc8c2..1f4181e 100644 --- a/crypto/index.html +++ b/crypto/index.html @@ -18,6 +18,9 @@

sf.me > Blog > Keep Crypto Off Exchanges

Keep Crypto Off Exchanges

+

Posted on: 14 March 2023

Reading time: 3 min

Category: Software && Technology

diff --git a/crypto/voiceover.mp3 b/crypto/voiceover.mp3 new file mode 100644 index 0000000..2ac9d10 Binary files /dev/null and b/crypto/voiceover.mp3 differ diff --git a/forget/index.html b/forget/index.html index 86b10ff..963c199 100644 --- a/forget/index.html +++ b/forget/index.html @@ -18,6 +18,9 @@

sf.me > Blog > Forget Your Passwords

Forget Your Passwords

+

Posted on: 9 September 2023

Reading time: 1 min

Category: Technology

If you are trying to remember your passwords, you are doing it wrong. Trying to remember your passwords is absolutely fatal and has numerous disadvantages. To describe the demerits of trying to remember your passwords, here is a cycle that most people follow. You set a password. You forget it. You set a weaker password. And repeat.

Eventually, people have passwords that are not only weak, but they also never change them unless they forget them. This leads to passwords that are short and easy to crack. Worst of all, people continue this habit on sensitive websites like finance or government services.

@@ -25,10 +28,10 @@

"What password manager do I use?"

  1. Bitwarden (for non-techies)
    2. -
  2. KeePass(for techies)
    3. +
  3. KeePass (for techies)
-

Bitwarden is straightforward and intuitive. It is on the internet so it is less secure than password managers that are completely offline like KeePass. However, it is still much more secure than proprietary password managers like LastPass and NordPass. Everything is free (libre) and open-source software.

-

KeePass, on the other hand, is much more advanced. It is completely offline, so you need something like Syncthing to sync it to all of your devices. This is my current setup of which you can read here. It is state-of-the-art. I generate 999-character passwords with extended ASCII so my passwords contain symbols like ©æ^ and much more. These passwords have entropies above 10000 bits. For reference, an 81-bit password costs about $1B to crack.

+

Bitwarden is straightforward and intuitive. It is on the internet so it is less secure than password managers that are completely offline like KeePass. However, it is still much more secure than proprietary password managers like LastPass and NordPass. Everything is free (libre) and open-source software.

+

KeePass, on the other hand, is much more advanced. It is completely offline, so you need something like Syncthing to sync it to all of your devices. This is my current setup of which you can read here. It is state-of-the-art. I generate 999-character passwords with extended ASCII so my passwords contain symbols like ©æ^ and much more. These passwords have entropies above 10000 bits. For reference, an 81-bit password costs about $1B to crack.

All in all, you should stop remembering your passwords. The human brain is not designed for long-term storage. Let computers that are infinitely better than humans in that regard do the hard work for you.

>>> Reply To Me

>>> Download PDF

diff --git a/pgp/index.html b/pgp/index.html index dcb0a49..c28290d 100644 --- a/pgp/index.html +++ b/pgp/index.html @@ -18,6 +18,9 @@

sf.me > Blog > PGP KEYS CHANGED!

PGP KEYS CHANGED!

+

Posted on: 10 August 2023

Reading time: 1 min

Category: Updates

I forgot the passwords to my PGP keys. PLEASE DO NOT USE MY OLD PGP KEYS TO SEND ME EMAILS!!! I did not make a revocation certificate as well which is a bad mistake. I have learned my lesson to say the least. Please use my new PGP key over here.

>>> Reply To Me

diff --git a/pgp/voiceover.mp3 b/pgp/voiceover.mp3 new file mode 100644 index 0000000..3e24288 Binary files /dev/null and b/pgp/voiceover.mp3 differ diff --git a/students/index.html b/students/index.html index dac58e9..d36e9ae 100644 --- a/students/index.html +++ b/students/index.html @@ -18,6 +18,9 @@

sf.me > Blog > A Student's Nightmare

A Student's Nightmare

+

Posted on: 24 September 2023

Reading time: 1 min

Category: Literary

As I open my book to read
My eyes feel like they bleed
diff --git a/students/voiceover.mp3 b/students/voiceover.mp3 new file mode 100644 index 0000000..a5696b1 Binary files /dev/null and b/students/voiceover.mp3 differ diff --git a/svg/index.html b/svg/index.html index 5df25fe..dfe9822 100644 --- a/svg/index.html +++ b/svg/index.html @@ -18,6 +18,9 @@

sf.me > Blog > Switching To SVGs

Switching To SVGs

+

Posted on: 6 August 2023

Reading time: 1 min

Category: Updates

Debloating my website has been an educational experience to say the least. There were so many small things which seemed insignificant at first but made a massive difference to the speed of my website. Most of these changes have had little to no impact on the look and feel of my website but have reduced the size and improved the efficiency by a lot.

One of these changes was definitely moving away from Font Awesome. I did not think much of the icons on my website as they were already too many in size for me to switch every single one to another library. However, after watching this video from Eric Murphy, I thought about it. Then, I still said no because there were way too many icons on my website.

diff --git a/svg/voiceover.mp3 b/svg/voiceover.mp3 new file mode 100644 index 0000000..1ba464b Binary files /dev/null and b/svg/voiceover.mp3 differ