Resize partition to fit SD card [Raspberry Pi]

I often need this… originally from tomahhunt on the Arch Linux forums

The following commands resize the main partition of a new Arch Linux installation on a Raspberry Pi to fit the full disk.

Switch to root (sudo or su)
fdisk /dev/mmcblk0

Delete the second partition /dev/mmcblk0p2:
d > 2

Create a new primary partition and accept the default sizes when prompted. This creates a partition that fills the disk:
n > p > 2 > enter > enter

Save and exit fdisk:
w

Now reboot. Once rebooted:
resize2fs /dev/mmcblk0p2

Done!

A simple question about logins

More secure passwords are hard to remember.

Memorable passwords are easy to crack.

All passwords should be unique (one for each site/service).

Why the heck, in this day and age, are we still attached to the password? I’m sick and tired of hearing stories of mass password dumps from popular websites, of having to deal with people relentlessly trying to guess my password on different sites (and having to deal with the fallout). I’m fed up with having to have a password manager, of trying to remember so many different pieces of information, of feeling constantly jeopardised if some major site announces another leak.

The industry has resolutely failed to tackle this properly. We have half-baked ‘solutions’ like password managers and two factor authentication. We end up with identity managers: Persona, OpenID, Google and Passport come to mind, but these ultimately fall foul of the same password issue as before: you still need a bloody good master password.

Why is my device not authenticating me directly – Web of Trust and all that? Whatever happened to all those fingerprint scanners on laptops – did they not work? If my tablet, laptop or phone can absolutely confirm my identity, that should surely be available to all services and sites that I use on that device – just a thought. This is not a new idea in enterprise networks.

I might not give the ‘right’ solution (I have ideas), but I can observe that I think the current one is wrong. We continue to be failed by a lacklustre and ultimately lazy industry. Every time I see a relative or non-technical friend struggle with passwords, I despair. We collectively need to find a solution that will once and for all rid us of this awful mess of passwords.

Frustrations with two-factor authentication

After some decidedly choppy performance from the Nexus 7, I decided to factory reset it. Shouldn’t be a problem I thought … everything is saved up in the cloud.

Sure enough, once the tablet is restarted I am presented with a login for my Google account. I give my username and password; however, I have two-factor authentication enabled. This is a mechanism whereby, after typing your password, you are asked for a six-digit code which rotates quite frequently. The app that generates the code runs on your tablet or your phone, or you can receive text messages for the same. It dramatically improves the security of your account.

The sign-in procedure for the tablet can’t cope with two-factor, and redirects me to another (slightly dodgy looking) page where I have to type my password again (it’s not easy – intentionally cryptic, and a pain to type accurately on a tablet).

So, I temporarily turn off two-factor authentication, forgetting that the multitude of programs which can’t cope with it need their own passwords (and will undoubtedly complain).

This isn’t right, I remind myself. We need to be secure about this, so after some progress on the tablet I re-enable two-factor authentication. Now, the tablet complains again – understandably – but I’m met with the same system that can’t understand its own servers … I’m redirected back to the odd-looking webpage (this is genuine Google, it just looks awful).

To make matters more interesting, Authenticator was installed on the tablet before, so I also need to re-enable that. Curiously, selecting the Google account didn’t work (after asking for the password yet again), so I resorted to the 16 character keycode.

Finally, it works. However, I’m left frustrated by the performance. It is concerning that those who might benefit from two-factor the most, the less technical user, are expected to run through the same hoops. Not a chance.
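The rotating six-digit code described in this post is a time-based one-time password (TOTP, RFC 6238). The sketch below is an added example, not part of the original post and not Google's code; it assumes the 16-character keycode is the base32-encoded shared secret, a 30-second step and HMAC-SHA1, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def decode_key(keycode):
    """Turn a typed keycode (base32, spaces/dashes allowed) into secret bytes."""
    cleaned = keycode.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding stripped for display
    return base64.b32decode(cleaned)


def totp(secret, unix_time, step=30, digits=6):
    """Code for the time step containing unix_time (RFC 6238 over RFC 4226)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, unix_time, window=1, step=30):
    """Accept codes from +/- window steps to tolerate clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * step, step)
        # Constant-time comparison; no early exit on the first match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    # Constructed 16-character keycode (base32 of b"1234567890"), not a real account key.
    secret = decode_key("GEZD GNBV GY3T QOJQ")
    code = totp(secret, 59)
    print(code, verify(secret, code, 59 + 30))
```

Because the code depends only on the shared secret and the clock, a factory-reset device has to be given the keycode again before it can produce valid codes.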

“Syncs with Dropbox”

As we stampede ever closer to online lives – our creations in the cloud – the idea that Product A works well with Product B must surely be a fading one?

Why do I care that your app syncs with Dropbox and Box.net? I do care that it doesn’t sync with Google Drive – a service I’d prefer to use.

Your timesheet app sends its data to Freshbooks? Great, but I use Kashflow and I rather like it.

We see something of a solution with Intents, both on the phone and on the web, but I’m sure there are plenty more iterations to come. Like the proprietary file formats of yesteryear, the idea that your app operates by product, not by protocol, means that it’s both limited by scope and complexity.

Incidentally: I don’t necessarily wag the finger at product designers here.

The Smarter Shopper

It’s quite evident that shops will up-sell over-priced accessory items when selling a large item at a lower price.

Every type of trade seems to have them. IT people are aghast at the prices high street chains charge for USB cables; those in the know will shop online in technical stores. What might cost you £20 in a well-known purple world of PCs can be bought online for less than £3, often including delivery.

We sometimes have to be careful not to buy too low. I tried some incredibly cheap USB cables (think 50p each) and they were useless. There is a quality associated with these things; high street names will pick good enough and up-charge. You have no such guarantee online – cheap really can be too cheap.

The usual accessories seem to be:

  • Camera shops and lens protectors (the little glass add-ons you put in front of your expensive lens);
  • Computer chains and USB cables;
  • Audio/visual shops and ‘gold plated’ HDMI/audio cables;
  • Most high street shops and batteries;
  • Printer companies and ink;

Some are about being in the right place at the right time. Computer devices curiously come without cables; many electronic devices come without batteries. Of course, you’re in the shop and you’re likely to buy them irrespective of the price.

For the canny shopper, though, it’s quite possible to buy online or through smaller traders for the accessories while getting the main item in-store. The usual choice might be Amazon, but is this always the best? I’d like to imagine a website where a user could select the accessory they’re looking for and be pointed in the right direction by reviews. Need batteries? This place is brilliant.

My usual choices for cables (computer and audio) are eBuyer or Amazon. I haven’t bought batteries online yet but I suspect Amazon will again be a good choice (well-known brand or are there lesser-known ones that work fine?)

If you have any suggestions please let me know and I’ll put them on here.

 

In-Car Web Cameras

Today and yesterday I’ve been spending a little bit of time putting together a Raspberry Pi-based webcam for my car. The idea is straightforward enough: I want something recording the road around me just in case – we’re not quite at Russian levels but it’s a precaution I’d prefer to take. It also might come in handy if meteors fall or the sea comes in.

Using motion, a Creative LiveCam and the instructions I found here, I set up something which appears to work reasonably well and doesn’t instantly fill up the paltry 4GB card I have in the Raspberry Pi.

For those not yet aware, Raspberry Pis are very cheap computers – of the order of £20 – which can be powered from a phone charger (mains or, in this case, in-car) – which makes them incredibly good for fiddling about on projects like these.

I have the camera capturing at 1280×960 at one frame/second. This seems to give a reasonable balance between quality, sense of motion and processing capability. When the car is stationary and there is no visible activity it does nothing; however, if motion is detected in the image the device begins to record both higher quality images and video.

I also have a small wifi dongle in the device, which means I can upload the images automatically when I’m in range of the home wifi, and I can use wifi triangulation to figure out where the car is (poor man’s GPS, basically).

Technical issues so far:

  • Supplying power to the Raspberry Pi is a bit tricky. I’m using the car stereo which has a reasonably clean 5V. The Pi resets when I start the car which isn’t particularly surprising, but I risk corrupting the on-board storage if I do this.
  • The webcam is not really ideal. It’s good for indoor videoconferencing and will return to that job shortly. If I spend a few more quid I should be able to get a better quality image and decent night imagery.

However, technical issues are only one part of this experiment. I’m also trying to consider the social aspects. For one, the webcam is pretty obvious (and glows blue when operating). This is a good deterrent – but might attract undue interest.

I will also be driving in places where photography is usually forbidden – UK customs tend to frown on these things (I don’t particularly think the French care less, they’re so laid back :-) ) – so I would be well advised to tip the camera away at the cross-channel port.

Finally – and this is the bit that really interests me – there is the data that could be collected. What right do I have to record others’ movements? In public it’s fair game provided I’m not using these for profit but consideration needs to be made particularly on private land and overseas.

However, this kind of capture really fascinates me … imagine for a moment if these devices uploaded to the web – to some kind of central processing house (much like Google Goggles or Waze might aggregate your data to learn or otherwise use it). These images could be used in some form of Google Street View (albeit poor quality!), to build a remarkable timeline of environments’ development, or by law enforcement officers to track cars based on your numberplate (ANPR).

If nothing else, the more cameras there are on the road, the more often we will capture extraordinary events on video. For me though, this continues to be an interesting little technical side-project, hopefully with some positive benefits and some food for thought.

What I’ve been Bookmarking – 27 Apr 2013

A collection of some recent articles and pages I’ve found interesting…

Cloud vendors name the price to ‘go private’, where it becomes worth considering using dedicated servers – it’s about $10,000/month.

Some interesting thoughts on using Raspberry Pis and Arch Linux for dedicated servers.

Aldermore appears to be a ‘fresh-thinking’ bank in the UK, focusing on savings & mortgages.

Ways to secure your REST API from Stormpath, a user management service for developers.

The Mobile Office

I’ve been waiting to try this for a while, and this week while on a business trip I’ve finally been able to give it a go.

Presenting my mobile office! A Nexus 7, a plastic stand and a bluetooth keyboard. While I generally travel with a laptop for work, most of the evening is taken up with note-writing, media and Skype. In the spirit of testing out these things I wanted to know whether I could get by with just these devices. I have to say, I’ve covered most bases here, and am very happy not to have to lug about the heavy(/ier) laptop in the evenings back and forward to the hotel.

Very impressed with the Anker Bluetooth keyboard, which works from a couple of AAA batteries. I got the black one for about twenty quid for aesthetic reasons :-) It’s a US keyboard. Unless you’re reaching for the pound sign or double quotes all the time this shouldn’t be too much of a problem (actually the Nexus doesn’t yet support UK keyboards natively anyway). Some of the function keys are iPad specific, but the usual volume up/down and copy/paste shortcuts work. It’s big enough for my fat fingers … I can even touch type on it, and connectivity has been very good so far.

The plastic stand for the Nexus was about three pounds (but currently sold out, so no link) and is fine for the price. For about a fiver you could probably do a bit better.

Hopefully the Nexus 7 needs no introduction :) I got mine shortly after they first came out and I can’t imagine life without it now.

Incidentally, in the background you may also see my wireless hotspot. This is the TP-Link MR3040 and put shortly, it’s a wireless router which can route Internet from either an Ethernet cable or a USB modem. I am currently in a hotel which only supplies cabled Internet … pretty useless for tablets! With this device, I can connect to the Internet from my phone, tablet or laptop with ease. I also have a USB 3G modem which I use in the UK (with a Three sim-card) although more often than not I use the Wi-Fi hotspot function on my phone to tether.

I hope to write more about each device in the coming weeks, with practical guides, notes and thoughts. This three-day trip is also not nearly enough to test the setup to completion – I’ll be continuing to try out new ways of working and writing to see what is comfortable and shall report back in due course. Let us be clear about one thing though – this is a tiny yet practical mobile workstation for two hundred pounds.

HTTPS over public wifi

LinkedIn supports HTTPS connections. If you go to https://www.linkedin.com/ your connection will be secure and your session & data kept private.

This is fine, and works well, until you click View Profile or click on a Notification. At this point it appears the site dives back to plain old HTTP. If you’re not paying attention, you won’t even notice.

Why is this a possible cause for concern? First, this suggests the cookie does not have its secure flag set, which means the authentication cookie is also being sent in ‘plain text’ and is therefore sniffable by a third party.

Second, any website being transmitted over HTTP is susceptible to manipulation. For instance, a third party could act as a proxy on a public wifi network and inject a piece of HTML or JavaScript to, say, pop up a dialog window asking you to re-authenticate.

Note – this is all a fair amount of conjecture – I need to build a proof-of-concept (actually, I’m sure many already exist), and LinkedIn is certainly not the only example. I should also point out that at least this website asks for reauthentication when viewing/editing sensitive data, which is a plus point.
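A site owner can check for both conditions raised above (a cookie without the Secure flag, and a drop from HTTPS back to HTTP) by auditing the headers of responses served over HTTPS. This is an added example, not part of the original post; the header values are constructed, the function names are hypothetical, and the HSTS check goes slightly beyond the post as the standard mitigation for the downgrade it describes.

```python
from urllib.parse import urlsplit

# Constructed headers for a response served over HTTPS (not captured from a real site).
SAMPLE_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
    ("Location", "http://www.example.com/profile/view"),
]


def cookie_attributes(set_cookie_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in set_cookie_value.split(";")]
    name = first.partition("=")[0]
    return name, {a.partition("=")[0].strip().lower() for a in attrs if a}


def audit_https_response(headers):
    """List (issue, detail) pairs for a response that was fetched over HTTPS."""
    findings, has_hsts = [], False
    for key, value in headers:
        key = key.lower()
        if key == "set-cookie":
            name, attrs = cookie_attributes(value)
            if "secure" not in attrs:
                # The browser will also attach this cookie to http:// requests.
                findings.append(("cookie-without-secure", name))
        elif key == "location" and urlsplit(value).scheme == "http":
            # The redirect moves the user from HTTPS back to plain HTTP.
            findings.append(("downgrade-redirect", value))
        elif key == "strict-transport-security":
            has_hsts = True
    if not has_hsts:
        # Without HSTS the browser will still follow http:// links to this host.
        findings.append(("no-hsts", ""))
    return findings


if __name__ == "__main__":
    for issue, detail in audit_https_response(SAMPLE_HEADERS):
        print(issue, detail)
```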

Crash a Mac

It seems that typing File:/// in a Mac application will crash the Mac (OS X Mountain Lion). Most applications appear to be vulnerable, and this is something to do with URI handlers.

A long time ago, there was a bug in Windows which caused a blue screen … accessing C:\CON\CON\ would immediately cause a BSOD. Something to do with DOS redirects for comms ports.

In my foolish youth, I turned this into a bit of a cruel prank against some friends, by sending them a link to a website which would then attempt to open the above path. Sure enough, it would crash Windows. I then stupidly fell for it myself …

Anyway, it seems this is fine in Chrome and Firefox, but it looks like Safari is vulnerable. Can any Mac users confirm (once you’ve saved all your files!) if the following link successfully crashes the browser? Here it is.

I don’t have a Mac to test, but it looks like the bug is more to do with text entry than anything else … so perhaps creating an INPUT type=text field and autopopulating the field would also work?