urn:uuid:f6d9e764-f597-5370-94e1-c01aa3928860 Ctrl blog Daniel Aleksandersen https://www.daniel.priv.no/ Copyright © 2023 Daniel Aleksandersen. https://www.ctrl.blog/assets/logo/logo-square.svg 2023-02-05T21:38:00Z daily 4 urn:uuid:70607ead-1938-43b0-ba58-f4a0a34ef953 2023-02-05T21:38:00Z 2023-02-05T21:38:00Z Norway’s BankID undermines anti-phishing best practices An easily-spoofed iframe embedded onto every random online merchant’s websites is not a safe place to enter my bank password! Is it really BankID‽ <p>Imagine a privatized nationwide authentication system used to access government services, confirm contracts and online payments, and everything else. Now, imagine that the system was designed to be extra friendly to imitation and credential theft (“phishing”). Here’s everything wrong with Norway’s BankID authentication system.</p> <p><a href="https://www.ctrl.blog/entry/bankid-iframe-phishing.html#src=feed">Read more …</a></p> urn:uuid:7b453461-c66a-45db-acb7-06207a4ef953 2023-01-01T22:26:00Z 2023-01-01T22:26:00Z I’ve joined Vivaldi Technologies Back in November, I began my new job as a Quality Assurance (QA) Tester at Vivaldi Technologies. Vivaldi is the productivity super-app of web browsers. <p>On November 1st, I joined familiar faces from my days at Opera Software and new colleagues at Vivaldi Technologies. I joined as a Quality Assurance Tester working on the Vivaldi web browser product for mobile and desktop.</p> <p><a href="https://www.ctrl.blog/entry/vivaldi-technologies.html#src=feed">Read more …</a></p> urn:uuid:487cc23e-2503-4b15-83cc-46d73aa64d35 2022-11-14T22:15:00Z 2022-11-14T22:15:00Z Sync issues finally drove me away from the Joplin note-taking app Joplin for Android stopped supporting local file syncing and Syncthing. I tried cloud-storage alternatives, but the other sync methods are slow and unreliable. <p>My note-taking app of choice for the last three years has been Joplin, an open-source note-taker for Android, Linux, MacOS, and Windows. 
As I discussed in my app review, the desktop app is good, but the Android app has some issues. In the last year, updates to the app have brought along more issues. I can no longer rely on it, and the time has come for me to migrate away from the Joplin app.</p> <p><a href="https://www.ctrl.blog/entry/joplin-notes-sync.html#src=feed">Read more …</a></p> urn:uuid:1a7d38d8-2b1c-4c40-8933-fd052e8c2142 2022-11-08T22:29:00Z 2022-11-08T22:29:00Z Don’t record your social life on an append-only social network The tech behind peer-to-peer (P2P) social networks such as Secure Scuttlebutt enforces permanency. Absolute permanency isn’t what you want in a social network. <p>Secure Scuttlebutt (SSB) is an alternative, self-governed, distributed social network without gatekeepers. You only see updates and mentions from people you follow, so moderation isn’t as much of an issue as on Twitter. However, the technology that powers the platform is ill-suited for sharing things with our ever-changing social circles.</p> <p><a href="https://www.ctrl.blog/entry/append-only-social.html#src=feed">Read more …</a></p> urn:uuid:53bc6889-732e-49bf-9de2-08ec110fda20 2022-10-25T15:08:00Z 2022-10-25T15:08:00Z First look at Microsoft PC Manager and its conflicting interests Microsoft’s new PC cleaner app puts the company’s interests in front of its customers’. At least it doesn’t over-promise and under-deliver like its competitors. <p>Microsoft is testing a new app to compete with the many dubious “PC cleaner” software available on the market (like CCleaner and CleanMyMac). 
However, Microsoft’s new app looks out for the company’s interests before its customers’.</p> <p><a href="https://www.ctrl.blog/entry/microsoft-pc-manager-conflicting-interests.html#src=feed">Read more …</a></p> urn:uuid:8daecf9b-084a-4ec3-a0c3-b2e783c378c2 2022-10-21T13:13:00Z 2022-10-21T13:13:00Z The frustrating RouterOS–WireGuard VPN peering bug A bug in RouterOS’ webconfig interface caused me to waste hours troubleshooting what I initially believed was a mistake in my WireGuard VPN configuration. <p>I’ve wanted to move my home virtual private network (VPN) server from a virtual machine onto my physical MikroTik router. I use the VPN to connect back to my home network to reach internal devices and services when I’m out and about. The router runs the RouterOS operating system, which supports WireGuard, a modern VPN protocol. I wasted several afternoons and late evenings but didn’t manage to set it up. It would turn out that a bug caused all my hardship in the MikroTik web configuration interface.</p> <p><a href="https://www.ctrl.blog/entry/routeros-wireguard-peer-bug.html#src=feed">Read more …</a></p> urn:uuid:411d5307-7d8f-4581-b275-e63be128dc69 2022-10-15T12:23:00Z 2022-10-15T12:23:00Z TP-Link network equipment hijacks some DNS requests No one remembers the IP address of their favorite websites. Why should you remember your router’s IP address? TP-Link hijacks DNS to give itself a domain name. <p>TP-Link network products — including Wi-Fi routers, repeaters, and access points (AP) — use deep packet inspection (DPI) to intercept specific domain name system (DNS) requests. 
Each product looks for one or two domain names and will hijack the request to issue a local response containing its own internet protocol (IP) address.</p> <p><a href="https://www.ctrl.blog/entry/tplink-dns-hijacking.html#src=feed">Read more …</a></p> urn:uuid:4c301105-5fa9-4f2a-bd38-7604b11b9d70 2022-10-10T10:34:00Z 2022-10-10T10:34:00Z I miss del.icio.us – the web’s discovery-engine and link classifier The early 2000s social bookmarking and link-sharing website was great for organizing and discovering the web by topic. I really wish it still was around. <p>Delicious (stylized after its domain <code>del.icio.us</code>) was a social bookmarking website. It might not sound all that interesting, but it was one of the best websites in the early 2000s. Here’s why I miss this defunct website so much.</p> <p><a href="https://www.ctrl.blog/entry/delicious-bookmarks.html#src=feed">Read more …</a></p> urn:uuid:3e3cceea-cea2-4378-a8b5-845c629c3ec9 2022-10-09T12:20:00Z 2022-10-09T12:20:00Z A Sony Headphones app feature kills your phone’s battery life Adaptive Sound Control auto-adjusts your noise-canceling and ambient-awareness levels based on detected activities and location. At a significant battery cost. <p>I recently bought a pair of Sony WH-1000XM4 wireless headphones (available on Amazon). Many of the headphone’s capabilities are unlocked using the Sony Headphones Connect (SHC) companion app. Unfortunately, the SHC app slashes hours off my phone’s battery life. Here’s what the app did wrong and how to rein in its energy consumption.</p> <p><a href="https://www.ctrl.blog/entry/sony-headphones-app-battery.html#src=feed">Read more …</a></p> urn:uuid:0e9c97b8-9661-4c7d-a923-1634b0cb23d5 2022-10-05T14:23:00Z 2022-10-05T14:23:00Z A closer look at Steam’s local network cache proxying protocol Valve Software has introduced a new automatic method for caching game downloads on a local proxy server without needing to reconfigure individual Steam clients. 
<p>There’s no need to waste family game-night time waiting for the same Steam game to download over the internet! All you need is a local caching proxy server. Repeated downloads from a local cache are faster, and you free up your internet bandwidth for other things (like downloading other games). Steam clients will even auto-discover and self-configure to use your local cache.</p> <p><a href="https://www.ctrl.blog/entry/steam-lancache-protocol.html#src=feed">Read more …</a></p> urn:uuid:5e347908-06ab-414a-9293-c40c1601f480 2022-09-20T14:03:00Z 2022-09-20T14:03:00Z You don’t want to be on Cloudflare’s naughty list My home IP ended up on Cloudflare’s naughty list for six days. Most websites and many apps loaded slowly, partially, or not at all. Just had to wait it out. <p>I don’t know what I did wrong, but I’ve angered one of the titans of the internet! For the last six days, my home internet connection has been partially broken. Some apps and many websites either load slowly, partially, or not at all. Everywhere I go, I’m greeted by the same blockade message from Cloudflare.</p> <p><a href="https://www.ctrl.blog/entry/cloudflare-ip-blockade.html#src=feed">Read more …</a></p> urn:uuid:3c0ff38a-0d91-4ae4-bdbd-d48b2aeec85b 2022-09-20T09:32:00Z 2022-09-20T09:32:00Z Review: Aqara indoor climate sensor (for home automation) The Aqara temperature and relative humidity sensor for Zigbee-home automation is unreliable and it doesn’t work in humid environments (where you’d want one!) <p>The Aqara Temperature and Humidity sensor by Xiaomi (available on Amazon) is a popular option to capture indoor climate data for home-automation systems. The sensors are small, plainly designed, cheap, promise 2-year battery life, and run on the Zigbee mesh-network protocol. 
However, they’re also notoriously unreliable, which defeats the desired set-it-and-forget-it target for the sensor.</p> <p><a href="https://www.ctrl.blog/entry/review-aqara-indoor-climate-sensor.html#src=feed">Read more …</a></p> urn:uuid:c4e5ee2d-3514-42bb-a27e-2760b2f37758 2022-09-04T14:01:00Z 2022-09-04T14:01:00Z TP-Link band-steers 2,4 to 5 GHz Wi-Fi even when the radio is off TP-Link Wi-Fi access points mindlessly band-steer clients off 2,4 GHz to the 5 GHz radio; even during periods when the 5 GHz radio is powered off. <p>My TP-Link EAP653 (available on Amazon) Wi-Fi access point (AP) has some features that don’t work well together. Who would have thought that its proprietary extensions to the Wi-Fi standard would cause compatibility issues with clients?</p> <p><a href="https://www.ctrl.blog/entry/tplink-band-steering.html#src=feed">Read more …</a></p> urn:uuid:9b1da4ae-7a06-499c-b967-08baf06e6872 2022-08-20T12:48:00Z 2022-08-20T12:48:00Z Finally fixed my PC’s persistent graphics and audio stutters I experienced intermittent stuttering when my PC ran Linux and Windows. A mix of hardware, firmware, and driver issues created a difficult to diagnose problem. <p>I’ve set up my gaming computer with dual booting between Fedora Linux and Windows 11. The Windows 11 installation doesn’t see much use these days since PlanetSide 2 became available on Linux. For the last two months, the system has suffered from stuttering issues during regular use and gaming. The display stops painting or gets partially corrupted, audio goes silent, and all operations halt for 0,5–2 seconds. 
Sometimes, the system even crashes, but it usually recovers by itself.</p> <p><a href="https://www.ctrl.blog/entry/troubleshoot-stuttering.html#src=feed">Read more …</a></p> urn:uuid:e37b8590-a8c5-4159-96a1-e50e89bb82f8 2022-08-12T16:16:00Z 2022-08-12T16:16:00Z Stop using DICT dictionary apps (such as GNOME/MATE Dictionary) MATE Desktop installs a Dictionary app (a fork of the retired GNOME Dictionary app). The apps don’t protect your privacy, and you might want to stop using them. <p>The MATE Desktop for Linux installs a Dictionary app by default (a fork of the retired GNOME Dictionary app). The apps don’t protect your privacy, and you might want to stop using them.</p> <p><a href="https://www.ctrl.blog/entry/dict-protocol-privacy.html#src=feed">Read more …</a></p> urn:uuid:fd01bf1b-cc6d-47bb-9045-f2015a5e5f4d 2022-08-02T07:25:00Z 2022-08-02T07:25:00Z “Gigabit Router” doesn’t mean it can deliver gigabit internet speed Make sure you buy a network router that can fully exploit your gigabit internet connection. Many routers say gigabit on the box, but don’t deliver gigabit speed. <p>Most manufacturers of consumer-grade network routers (both Ethernet and Wi-Fi) brand their products as “Gigabit Routers”. At the very least, it’ll say “Gigabit Ethernet”. However, neither term necessarily means the router can fully exploit your gigabit internet connection.</p> <p><a href="https://www.ctrl.blog/entry/gigabit-router.html#src=feed">Read more …</a></p> urn:uuid:bc46ab39-9a74-4690-8896-eed28aac875b 2022-07-20T09:26:00Z 2022-07-23T19:06:00Z TeamViewer installs suspicious font only useful for web fingerprinting A weird almost unreadable font file bundled with TeamViewer for Windows software lets websites detect if you’ve installed the software. Raises privacy concerns. <p>So, here’s a bit of a mystery: Why does TeamViewer – the popular remote desktop program – install a font it doesn’t use on your computer? 
The abstract font (shown in the above image) doesn’t seem to serve any purpose in the software. Intentional or not, it enables websites to detect if you have TeamViewer installed on your computer.</p> <p><a href="https://www.ctrl.blog/entry/teamviewer-font-privacy.html#src=feed">Read more …</a></p> urn:uuid:210a619d-598e-4152-a92c-2f942e163c47 2022-07-10T13:26:00Z 2022-07-10T13:26:00Z On-device browser translations with Firefox Translations Firefox can now do offline and privacy-preserving translation of eight languages with more on the way. Powered by open-source and machine-learning. <p>The Mozilla Firefox web browser is finally beginning to catch up in a market where every competitor has an online language translation service feature. Firefox recently debuted its long-awaited privacy-preserving on-device translation service.</p> <p><a href="https://www.ctrl.blog/entry/firefox-translations.html#src=feed">Read more …</a></p> urn:uuid:1e18b7cf-116d-439d-b00c-3cbd4c18ea88 2022-07-01T09:10:00Z 2022-07-01T09:10:00Z How to set per-creator/channel playback speed on YouTube Fine-tune your preferred playback speed per-channel with Samuel Li’s Speed Controller for YouTube extension. Set and forget on your favorite slow channels. <p>You can find hundreds of browser extensions that let you fine-tune the playback speed for all YouTube videos. I’m happy with the default speed of 1× for most videos (and music). However, I want to speed up some channels without having to tweak the speed dial every time. Enter Samuel Li’s Speed Controller extension.</p> <p><a href="https://www.ctrl.blog/entry/youtube-per-channel-speed.html#src=feed">Read more …</a></p> urn:uuid:04ed7eaa-de8e-4b5c-820c-2280396fbf95 2022-06-15T15:12:00Z 2022-06-15T15:12:00Z Review: Dygma Raise split mechanical keyboard for enthusiasts The Raise is two fully programmable keyboards with eight independent thumb-keys instead of a space bar. Its unique hardware comes with unique software problems. 
<p>The Dygma Raise is a splittable 60 % mechanical keyboard; meaning it has no function key row, navigation keys, arrow keys, or numpad. It’s squarely targeted at keyboard enthusiasts willing to pay 350 USD for a keyboard with fewer standard keys plus a unique two-rowed eight-key space bar design.</p> <p><a href="https://www.ctrl.blog/entry/review-dygma-raise-split-keyboard.html#src=feed">Read more …</a></p> urn:uuid:ad15d106-70ed-465a-a4d6-708f28641574 2022-06-13T13:36:00Z 2022-06-13T13:36:00Z 7 simple bot detection methods that won’t inconvenience users Protect your contact, comment, or other forms from spam submissions by evaluating minute details about how it got submitted. Privacy-preserving. No CAPTCHAs. <p>Millions of (poorly coded) bots relentlessly crawl the web to detect and spew junk content into any form they find. The go-to countermeasure is to force everyone to complete a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). CAPTCHAs are those annoying user-hostile tests where you type in skewed letters or identify objects in photos. They require cultural familiarity, introduce accessibility barriers, and waste everyone’s time. Instead of using a CAPTCHA, you can detect and block many bot submissions using completely unobtrusive form validation methods.</p> <p><a href="https://www.ctrl.blog/entry/detect-non-browser-form-submission.html#src=feed">Read more …</a></p>