How A Grumpy Programmer Secures Their Laptop

January 9th, 2017

On the /dev/hell podcast episode I recorded with Ed last night, I got the chance to talk at length about my early experiences with my new laptop. According the 'About This Mac':

  • MacBook Pro (13-inch, 2016, Four Thunderbolt 3 Ports)
  • Processor 2.9 GHz Inetl Core i5
  • Memory 16 GB 2133 MHz LPDDR3
  • Startup Disk Macintosh HD
  • Graphics Intel Iris Graphics 550 1536 MB
  • Pretentious Level High

Thanks to a focus by Apple on People Not Like Me, I was able to get up and running really quickly on my new laptop. The Migration Assistant worked perfectly except for not copying over some saved game files for a Steam game that I play quite a bit (Football Manager 2016). Especially when I have a setup that requires the use of SSH keys and applications all configured to my liking, this was awesome.

My next thought turned to security. Clearly we are in a era where attempts to access people's computers is on the rise. Not that I am thinking I am the target of a shady cabal of l33t hax0rs being paid by shadowy security forces of governments that don't like my politics, but I want to at least make them work a bit. So I want to share what I decided to do.

I've been using FileVault for a long time (in fact, it was a requirement for me if I wished to use my own equipment while working for Mozilla).

After that, you have all sorts of options. After seeing a Tweet from someone mentioning a bunch of tools that can help increase the security of your laptop I decided to take the plunge.

First, I installed Little Snitch. It monitors all my network connections and provides me with a bunch of options to allow or deny the connection, forever or just for a limited time. Starting with this tool I had to (and still are, to a minor extent) acknowledge and decide what to do about a ridiculous number of connection attempts by all sorts of programs. For the older crowd, I feel like I am playing some new version of Everquest. So. Much. Furious. Clicking.

Not content to develop repetitive stress injuries to my right hand, I installed Little Flocker. It's a good complement to Little Snitch -- it watches for any interactions with files, looks for keystroke loggers, and checks for malware. More. Clicking.

Next up was to install Micro Snitch to tell me any time my webcamera and microphones were being used. More alerts to acknowledge but at least my microphone only turns on when I need it to. So far.

Finally I installed BlockBlock to let me know if something keeps trying to install malware in known locations. Just another layer of security for someone to overcome. They clearly indicate that the application is in beta, so keep that in mind.

With those apps installed and running and configured, I massaged my very sore wrist and started reading this awesome document at the suggestion of a kind soul on Twitter. Lots of great stuff in there that you can do and raises interesting points about deciding what type of threats you are looking to protect yourself from. Here's a list of the advice from it that I followed:

  • patch everything when updates are available
  • frequent system backups (shoutout to Backblaze)
  • full-volume encryption
  • third-party firewalls
  • Disable Spotlight Suggestions
  • Use Homebrew
  • use dnsmasq, DNSSEC and dnscrypt
  • turn off captive portal
  • use Privoxy as a local web proxy

I plan on implementing some of the other recommendations, but that's what I started with. For Mac users, please read through that document. So much good stuff along with explanations of why you should do it.

Hope that helps!

From macOS to Windows 10 - Part 3

November 28th, 2016

Could Be Called 'Revenge Of The Comfortable'

Welp, the Surface Book sat on my desk next to my MacBookAir in it's Henge Dock and didn't get used beyond Monday. I had some rough times with it that made me retreat back into the comfortable arms of macOS.

In our previous post I mentioned some things I had to take a look at. How did that go?

Needed an HTTP client similar to Paw

Ugh -- nothing I found was similar enough and I also encountered something that became a recurring theme -- how much work did I want to do in order to master a skill but using a different tool? The answer was "not much".

That's probably a personal failing but at age 45 I'm not sure how much time I want to spend remapping those hard-fought memory mapped skills. I'm sure you are starting to guess what the final conclusion might be.

Connect To External Monitor And Keyboard

I didn't bother pairing the bluetooth keyboard I'm currently typing on to the Surface Book, but getting the monitor connected was. Multiple hours spent trying to figure out what the problem was. Was it the drivers? Was it my old monitor? What the hell was happening here -- mini display port to HDMI works just fine on my Mac. In the end, it would only work when I used a mini-display-port-to-VGA connector. It's 2016 and I was highly disappointed.

This then prompted another hour of me searching around looking at monitors (hey, a 4K one sounds great) to discover it wouldn't work with my current laptop and might not work correctly with a Surface Book (not all apps scale properly).

Better Hosts File Management

"Just edit it with Notepad" -- said by people that never used Gas Mask

Battery Life Is Weird

One of the reasons I thought the Surface Book would be enticing is I could detach the screen and use it as a tablet. That actually worked okay...but I would run low on battery after about an hour of usage. That is way less than what my ancient iPad 3 gives me.

I don't really use my laptop much unplugged, but a tablet that has really poor battery life isn't that great.

Maybe The Best Change Is No Change

Look, I know people are going to think I'm weak-willed about this. Yes, the Win10 platform has made leaps and bounds. I did find it jarring to use, and I was actually able to do everything I needed to do at my day job with it. Bash on Win10 worked great (except for curl not working correctly). Atom was a more than suitable editor. Firefox works just fine on Win10. I could do most of what I want to do on Win10. But I would have to relearn a bunch of tools. I'm not sure I want to do that.

I have to give back the Surface Book when I get back from a work meeting in Hawaii (yes, sucks to be me) in a few weeks, so the decision is far from over. One review I read said don't get it if you have a newish MBP while another felt that Apple had built a great machine for hackers.

Where does this leave someone with a 4-1/2 year old (that's 45 years in internet time) MacBook Air? Even more confused than before.

I don't need the Touch Bar because my laptop will run in clamshell/lid-closed mode approximately 99% of the time. What I really wanted was a MacBook that has 32 GB of RAM. I can't get that right now. But will there be one available in April? I would be super-pissed if that happened after I bought a 16GB one.

I'm still more indecisive about it than ever.

From macOS to Windows 10 - Part 2

November 18th, 2016

I spent this past week only using my loaner Surface Book instead of my trusty MacBook Air for doing my work at the day job. If there is a better of test for figuring out if I can do my regular work in it, I can't think of one.

It Has Linux Under The Hood

In the previous post I talked about how you could get a Bash shell using Ubuntu 14 (I think) running natively on Windows. Well, it absolutely 100% works except for one problem that I had. I was trying to debug a problem with an API using curl and it just wouldn't return anything at all. A quick pop back to macOS and everything was just fine. Still no idea what the issue is, but I think I need to try and reproduce it. I do know that the lead developer for curl works at Mozilla so maybe I can get some help that way.

Otherwise, everything I normally do in the macOS terminal (well, iTerm2) I was able to do just fine in the Bash shell in Windows 10. I was pleasantly surprised.

All the other tools I used for work were just fine:

  • The Atom editor behaved just fine
  • Firefox is cross-platform, everything was just fine
  • I didn't like how our video chat client looked (fonts way too small) but it worked

In other words, I could easily see myself using a Surface Book every day for work. To be honest, if I didn't have access to the Bash shell I wouldn't even have bothered trying to do this.

So what are the last few things I have to try out?

  • need a HTTP client similar to Paw
  • connected to external monitor and keyboard
  • better hosts file management -- Gas Mask is just so good
  • haven't fired up Skype in it yet
  • haven't looked at screencasting software

Next week I should have another update on putting the last touches onto the experience.