VeraCrypt Is Too Slow And Complex

Now that more Truecrypt weaknesses have been revealed the open-source solution taking its place appears to be VeraCrypt. Yet its extra-secure encryption of the system partition adds so many rounds booting is slowed and the extra PIM concept mandates an extra step to every startup. This situation makes it even less suited to non-technical users than TrueCrypt before it.

Steve Gibson may be ready to recommend VeraCrypt, but I don’t think it’s ready for the masses; up to version 1.15 anyway. After clocking my boot time with system encryption it took an extra 85 seconds. Talking non-technical friends and family through even basic use of TrueCrypt volumes was challenging enough. VeraCrypt’s additional Personal Iteration Multiplier certainly adds more security. Still, the extra step and forgettable-yet-necessary element is only making it less novice friendly.

Another long term problem is VeraCrypt’s lack of Secure Boot support. This prevents booting with whole-disk encryption on machines locked down within UEFI’s boot-loader signing. Hopefully VeraCryp support will be done before Secure Boot becomes widespread.

Now having tried the built-in encryption features of Windows, OS X, and Ubuntu Linux the VeraCrypt software does still offer a nice cross-platform solution. The VeraCrypt UI is also easier than Linux, though it has a way to go before being as easy as Windows and OS X. With a little UX love and simpler defaults VeraCrypt has the potential to offer a compelling alternative for regular folks.

Exercise That Saves Me Hundreds Per Year

Needing more exercise and reducing fossil fuel use are two birds. My bicycle is one stone, and with it I hit them both by schlepping groceries and other purchases after shopping. Let’s call it ‘schlopping’. My guess is that in the past 2 years of doing so I’ve saved about $1600 and 670 gallons of fuel. It’s also helped me stay in shape.

Having a desk job for over a decade has not made me the healthiest worker. So after my bike’s saddle bags spent a year rotting in the basement I finally got around to installing them. Since then any trip around town has been a good excuse to get some exercise. As long as there isn’t too much snow, ice, or salt in the way it can work well. Even in northern Ohio this has only prevented me from riding twice.

Safety equipment like a helmet, lights, and gloves also reduce some of the risk factors. Careful riding also helps. But to be honest, it is tempting to cut corners and ignore traffic laws; especially on long rides. Thankfully, I’ve only had one moderately serious accident thus far. Strangely enough it was not one of my frequent shopping runs but a relatively rare joy ride.

Still, keep in mind that all our sitting has risks too, more so when when driving/riding. Of course how the risks of walking/riding vs. driving/riding stack up to each other vary quite a bit. Things like distance of trips, traffic volumes, kind of vehicle, physical health, and availability of bicycle lanes are complicating factors. Your mileage may vary.

Despite the modest costs, different risks, and extra time involved in bicycling or walking the gains are certainly worth it for me. Improved health, reduced environmental impact, and net savings of hundreds per year are too much to pass up.

Unused Work Does Not Have To Be Discouraging

Soon after being hired my boss told the story of a project he worked on for a significant amount of time; like months. It never saw the light of day. Subconsciously I think I denied that would ever happen to me, at least not for any major work. Four years later I had not yet encountered such hardship. Yet soon enough that all changed.

Worse than seeing my work tossed, I had to make the call to discard a coworker’s serious effort. After a long delay a key component of the work had been lost. So instead I had to redo the entire project from scratch. Ironically enough my effort turned out to be doomed as well.

At the very end of the rewrite, with only one feature left, I discovered the platform vendor’s latest development kit lacked any encryption libraries. (Finding out so late was a rookie mistake on my part.) When they finally produced a suitable kit the platform had changed so much I couldn’t port my rewrite in a timely manner. So with much chagrin I rewrote it again with the suitable kit and all was well–except for my ego.

Despite wasted time and resources one can typically find something good whenever work goes unused. Over the years I’ve been reminded of a few:

  • It is a learning opportunity
  • Helps avoid getting overly attached
  • New ideas often accompany do overs
  • Practice
  • Redos are a chance to develop grit

Of course these rarely add up to match the lost time or money. But if the learning opportunities are maximized it can save a lot more in the future.

It can be especially frustrating for those of us who are technical to accept non-technical reasons for work to be mothballed. For us “business reasons” can feel so abstract and intangible. It’s almost as if it’s arbitrary and frivolous. Still, businesses exist to produce a profit, and even organizations have to make trade-offs when their resources are limited.

Until time travel is sorted out, forecasting client needs or project requirements will almost certainly remain an inexact science. While we wait for our future overlords to return let’s take solace by remembering the good that can be salvaged from the ashes of our abandoned work.

You Can Raise Any Price Except ‘Free’

When prices go up existing customers feel like they got in at the right time. Prospective customers who missed the sale may feel left out, unless there is a hope for sale in the future or price increases are consistent. But there is one price that seems to have more inertia than any other: free.

A while back on This Week In Enterprise Tech one of the hosts made the point that permanently lowering a price is challenging because of the potential for resentment. After all, no customer wants to find out what they just paid good money which they could have saved. Yet they also mentioned that raising the price is typically not a problem. As a consumer I’d say this is true.

Products improvements and inflation have conditioned me to expect most of the products or services I enjoy to increase in price: appliances, movie tickets, food, and so on. (Preferably this is gradual or otherwise feels justified.) So why is it that seeing a product go from free to paid often involves a backlash? Examples include LogMeIn, ZenDesk, and more recently Steam mods. My guess is the mental gap between free and even one dollar is larger than from one dollar to five.

Initially my preference for free products was driven by the desire to save money. Though over time I became fixated on the other benefits as well:

  • Easier sharing with friends and family
  • Feeling secure that I won’t forfeit the purchase when changing platforms
  • Simpler experimentation without having to go back and pay for what works best (such as for evaluation-only trials)

Of course nothing is truly free of cost. This was often clear in the quality of free offerings compared to paid ones. Microsoft Paint was included with Windows for free while PaintShop Pro was a paid product. Ultimately I got more use out of PSP. Doom modding tools were free, still I found myself far more productive with the non-free Klik & Play; albeit making simpler projects.

Even in mobile gaming where ‘free’ now dominates, typically with quality included, the shifting and hiding of costs is increasingly distasteful to me. Producers are tempted to not only make things enjoyable but rather tease players into paying ever more. Sometimes it manifests as pay-to-progress or pay-to-win. And while ‘shareware’ and trial editions have a similar model they are often explicit, one-time payments. Producers are less likely to string players along.

Now that I’m older and more patient paying for quality products and waiting for sales appeals a lot more to me than in past. Being a producer has also changed my perspective on what ‘free’ really means. Yet there’s still that twinge of discomfort when the ‘buy’ button is in the way. Perhaps it’s the feeling of lost opportunity since I could spend the money on something else. But once I’ve paid the bills and saved enough for long-term goals there’s very little reason to hold back. After all, I can’t take it with me.

Browser Support For Custom Schemes Too Troublesome?

Every so often my mobile phone’s browser will spontaneously open an app store. And apparently it’s a known problem with shady ads abusing the prefix (a.k.a. URI scheme) of links. Typically this prefix is the familiar “http:” or “https:”, but when other, recognized values are used it can open software outside the browser.

One of the earliest such schemes I came across was the “mailto:” form. And when a link is activated it often opens one’s e-mail application to send mail to the address indicated. Early on this was quite useful, and some standards were created for interoperability. Nowadays it has expanded to include non-standard schemes for specific services and applications:

  • “steam:” starts the Steam gaming software
  • “itms:” opens iTunes Music
  • “market:” initiates Google Play’s marketplace

Yet rarely have I found a need for these custom schemes to do something meaningful. Often they serve only to get in the way like podcasts only publishing through iTunes, which I don’t have, or the random ads opening Google Play.

Programming As A Privileged Career

Some friends in more traditional careers like farming and manufacturing have opened my eyes to the privilege it is to have a job in software. Looking at the bigger picture reveals that programming for a living depends upon many other roles to enable such an abstract pursuit. Working from the bottom of Maslow’s hierarchy I can imagine these would at least include: food production, waste management, housing, medical care, police, a justice system, electricity production, hardware manufacturing, and transportation services.

One experience in particular stands out as a moment of awakening. During long drive on vacation conversation turned philosophical as my friend shared his perspective on disappearing skill sets maintaining expensive and old, yet very profitable, manufacturing equipment. Since he was experienced and flexible he was able to keep the machines running, but he encountered few as willing or knowledgeable within mechanics and electronics. While I’d like to be as adept at keeping my existing belongs chugging too, doing so in the face of increasingly –maybe unnecessarily– complex things makes repair and maintenance less practical. And sadly few can afford to be the repair experts when we consumers are so quick to replace them with new and shiny.

Farming in North America was a career for 90% of the population as late as the American Revolution. Now it has dwindled to about 1%. A highly specialized society has certainly broadened the choices for careers in the modern age. It has also increased the need for higher levels of education. And in scarce job markets the competition for work means employers can be selective.

Despite the downsides one sometimes faces as a software or services producer, it is still quite a privileged endeavor compared to many others. Next time I’m waiting in line for service I’ll have to remember all this. I’d rather not go back to the job behind the counter, and I certainly don’t want to make it any worse for those who have no choice.

Secure KeePass’s Window With LockyWindow

Having used KeePass for years I’ve longed for a way to secure the window while still auto-typing with shortcuts or integration plug-ins. So recently I made LockyWindow as a paid plug-in for the professional edition (v2) of KeePass password safe.

Unlocking the window can be done with the master password or a customizable quick-unlock PIN. The locking period can be customized to fit your preference. One can also lock or unlock using the shortcut or menu item.

You can find out more on the product page at PaulRRogers.com/lockywindow.

Despite SuperFish, Bundled Software Is Not All Bad

Recent news surrounding Lenovo‘s shipping the insecure adware known as SuperFish has stirred up more hate for bundled software. Yet I’d guess we have all relied upon pre-installed software and enjoyed the benefits of additional bundling. Most devices and PCs come ‘bundled’ with operating system software such as Microsoft Windows or Apple OS X. Other less controversial categories include media software (think DVD or Blue-ray codecs), games, office suites, and security tools.

Samsung is a company known for its bundle-ware. So much so that Korean courts have ordered them to allow customers to remove the software from their phones. On the other hand I’ve found some of their offerings quite useful:

  • Calendar and tasks are solid and Exchange compatible
  • Customized tray is quite convenient
  • Integrated power-saving mode has helped with battery life
  • Samsung Knox allows me to encrypt my phone without rooting
  • Timer and alarm clock apps are both solid and easy to use
  • Voice recorder is solid and advertisement free

Knox was apparently so well received that Google has integrated it into Android. My other, non-Samsung phones have also included a mix of useful, and not-so-useful bundles. A few of the best included the Swype keyboard and a handy automation feature.

Of course not all bundled apps are appreciated: Samsung’s Magazine app is not my first choice, the sketchbook is not the most obvious, and I’m not a big fan of Uber’s ride-sharing app being automatically installed with a recent update. That being said, on the whole the good ones far outweigh the others.

Bundling can have downsides besides annoyance or security bugs. When platform makers have too much power, such as a monopoly, their bundling can be anti-competitive: swallowing up whole markets. Still, from the customers perspective the lower prices, (sometimes) enhanced ease-of-use, and heavy discounts on bundled software are tough to resist. Besides gradually giving more and more money to fewer and fewer companies is a disadvantage few customers probably consider when they’re shopping.

Imagine buying a new PC and not being able to play DVD’s or music without paying extra? That was the case with the original Xbox because of the added cost to license the patents. Today most devices can playback media using common, patented technology because those licenses are already part of a bundle. Likewise most can open a PDF document, a spreadsheet, and update their own hardware drivers without extra effort because of bundled software. So next time you encounter a new device with a desktop full of icons remember there may be some treasure hiding there.

FocyOverride Gives You Control Of Browser Focus

You can control the default form focus with this new, premium Firefox add-on. As a long-time KeePass user I often found myself clicking on the same user/e-mail field time and again to begin auto-typing. A few years back I made this to override the default page focus, or lack thereof. Now I’m offering this as a product so you too can take control of Firefox’s form focus.

It can also highlight focused inputs, select input content, and help with voice control by blurring focus so elements can be called out. Upgrades are free for life, and a money-back guarantee is included.

For more information see the product page at PaulRRogers.com/focyoverride.

Ad Blocking Robs Everyone

Internet services and web content take time and energy to develop and maintain. Since the Web opened to commercial business and broader public adoption in the 1990’s it has been increasingly funded by advertising. Yet tools which block ads, like Ad Block Plus, undermine this support. Without compensation for their work the people who produce websites and services will have to find another way to get paid or stop producing.

Of course nothing in life is completely free, but the increasingly easy access to the Net make it seem that way. While we consumers pay for access to the network, it’s often advertisers who pay for the content we enjoy. This makes a large volume of work available that might not be accessible. Before commercialization web access was typically only available at large institutions like universities, governments, and large companies. So naturally content was tailored for this audience; research, educational resources, and business records.

As more consumer content (like games, music, and news) came on-line it became more worthwhile for the general public to get involved. But without ads growth was slow. Since then on-line advertising and network technology matured some advertising is yielding to direct purchasing and patronage. It’s happening with movies on Netflix, music on Spotify, and publication with Patreon and Google Contributor. Though, given how modest direct contributions are compared to market of paid and free-with-ads-or-in-app-purchasing it appears most consumers opt for ads over paid subscriptions. In other words, we’re more willing to give up time than cash.

Ads also lower the barrier to entry which makes the web more accessible to those who are unable to contribute directly to producers; whether because of the cost, technological, or regional barriers.

Certain ad blockers and blocker producers claim that they’re only avoiding annoying ads. Yet they still consume the content regardless. So it’s like saying “I only steal from stores when the payment is distasteful”.

AdBlock Plus looks especially hypocritical as they extort payment from advertisers to avoid blocking. Perhaps they’ll also unblock their own advertising

Now I’m no saint either. Before fully understanding the consequences, I used such blockers as a way to avoid annoyances on the web. In fact the act of writing this article has made me rethink my use of RequestPolicy and similar tools to avoid loading unnecessary assets. One could take this view to the extreme and say that disabling plugins like Flash is theft since ads may depend upon it. Accessibility tools likewise may restrict how the web is presented. However, in such cases the intent is significantly different and advertisers often have a way to fall back to self-hosted ads, ads without plugins, or without images. Even so I’ve decided that my blocking of all 3rd-party resources is going too far.

We as consumers can chose to avoid advertising on the Internet, but the only ethical solution is to pay producers ourselves or do without their services. Anything else is theft. Otherwise the decreasing effectiveness of ads will probably lead to less content for all of us.