A while back I became quite disappointed when I noticed that my Steam Deck started to drift in games that utilized the gyro controls. Even if I were to calibrate the controls, the drift would return every time I powered on the system or woke it up from sleep.
I contacted Steam support, who recommended doing a factory reset, but then I would need to download all the games anew. There had to be another way!
I scoured the internet in the hope of getting some answers, but all I got was either the normal calibration “trick” (it’s not a trick if it’s an actual function, lol) or some random scripts that forced the calibration settings automatically on every reboot, which didn’t work.
So, this started around when I got myself a dock for the Steam Deck. Because of this, I was afraid that it might have caused some damage to the system. Too bad, because I loved having a powerful, albeit clunky, Nintendon’t Steam Pro™…
However, one day when I was about to play I had it lying flat on the desk next to me while it was booting when an update had been received. Without picking it up, I applied the update and rebooted. Back in business, when I started the game and was about to do the calibration as per usual, lo and behold, the gyro drift was gone!
I wonder if the drift had anything to do with the Steam Deck resting on the dock, slightly tilted? It sure seems like it: I have now restarted the Steam Deck (both lying flat and while holding it) and the gyro is all calibrated now. However, I noticed a slight drift when I started the Deck while resting my thumb on the capacitive area of the joystick. I guess it’s like when you start up a console holding the stick in a certain direction, and the console thinks that direction is the resting position.
So if you’re having issues with the gyro, remember – for great justice, don’t fiddle the sticks while booting.
No, you should not make your passwords complex and super long! This will only lead to you forgetting the password and later resetting it to one that you will actually remember – which, of course, we know will be super dumb and easy to crack.
Instead, you should go for passphrases. These are basically passwords, but longer and easier to remember. For example, a passphrase can be:
pancake lord on moon vacation three times left turn
According to Security.org’s password check, this would take a computer of today’s capacity about 1 unvigintillion years to crack. How many years is one unvigintillion? I don’t know, but I do know that I definitely won’t be around by then.
This passphrase is hard to crack not because of its complexity, but because of its length. The longer the passphrase, the more possible combinations a brute-force attempt has to try.
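The length argument above, worked through as an added example (not part of the original post). It compares the character-by-character search space of a short complex password with that of the passphrase, and with the smaller space an attacker faces when guessing whole words. The 7,776-word list size, the short password and the demo word list are assumptions made for the example.

```python
import math
import secrets
import string


def charset_size(secret):
    """Size of the alphabet a character-by-character brute force must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in secret):
        size += 26
    if any(c in string.ascii_uppercase for c in secret):
        size += 26
    if any(c in string.digits for c in secret):
        size += 10
    if any(c in string.punctuation for c in secret):
        size += len(string.punctuation)  # 32 ASCII symbols
    if " " in secret:
        size += 1
    return size


def brute_force_bits(secret):
    """log2 of the number of strings of this length over this alphabet."""
    return len(secret) * math.log2(charset_size(secret))


def wordlist_bits(n_words, list_size):
    """log2 of the guesses needed when the attacker tries whole words.
    Only valid if every word was drawn at random from the list."""
    return n_words * math.log2(list_size)


def generate_passphrase(words, n_words):
    """Draw the words with the OS CSPRNG so the estimate above holds."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


# Constructed sample inputs; only POST_PASSPHRASE comes from the post.
SHORT_COMPLEX = "xK7#pQ2!"
POST_PASSPHRASE = "pancake lord on moon vacation three times left turn"
DEMO_WORDS = ["pancake", "lord", "moon", "vacation", "three", "times", "left", "turn"]

if __name__ == "__main__":
    print(f"8 complex characters : {brute_force_bits(SHORT_COMPLEX):6.1f} bits")
    print(f"passphrase, by char  : {brute_force_bits(POST_PASSPHRASE):6.1f} bits")
    print(f"9 random list words  : {wordlist_bits(9, 7776):6.1f} bits")
    print("freshly generated    :", generate_passphrase(DEMO_WORDS, 6))
```

Online checkers usually report something close to the per-character figure; the word-based figure is the more conservative one to plan with, and it only applies when the words are picked randomly rather than by hand.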
But, you ask, what about the required password complexity of sites, operating systems and the like? The lowercases and uppercases, special characters and such?
Well, that’s where password managers come into the picture! You see, there are a lot of password managers out there and chances are you’re using a web browser with one built-in, right now! There are even services that let you store and access your passwords in the cloud for convenience, for example when you’ve lost access to your computer or device.
With a password manager, you can generate a super random and hard to remember password that fulfills any uptight requirements of an account registration. The point is that you will never need to remember it, the manager will!
The problem with most built-in managers though, is that they are exposed to the internet, meaning that if the client or browser is compromised – so are your passwords. The same goes for any online service that promises security – it’s all fine and dandy and cherries until the service is hacked and your passwords are stolen. This happened a while back with LastPass where, even though encrypted, users’ vaults were stolen and could potentially be cracked. This is exactly why centralization is bad – it gives hackers a single point of entry for thousands if not millions of users.
Now, how to avoid this? Well, firstly you should avoid centralization. But you cannot avoid hackers on the internet unless you go offline, of course. It might sound like a bummer, but that’s why I’m writing this post, you see!
Here’s where KeePassXC comes in. KeePassXC is an excellent password manager and vault that is secure, open source and totally free. KeePassXC is an application only, meaning no servers to connect to – all it needs is the database to keep its records. Already here, we’ve eliminated one potential threat in that we’re not exposing our passwords to the intertubes. The database can be safely stored wherever you like, for example in your home folder or on an encrypted drive. You can have multiple databases, for example one for private passwords and another for work-related passwords (which I would recommend).
So it’s easy to get started, just download and install the application. For Ubuntu/Debian users, I strongly recommend adding the PPA and installing with APT instead of snap.
After installing and running it for the first time, you can create a new database. Set a passphrase, one that you can actually remember, because if you forget it you lose access to the database. I also recommend that you create an encryption key, preferably stored on a physical drive for added security.
Once the database is up and running, all you have to do is store all your passwords. As you can see in the above screenshot, you can even use it for two-factor authentication. You can associate the entries with their respective sites and applications, organize them in groups and add icons to the entries.
I would however recommend that you install a browser extension, otherwise you would need to go back to the application every time you need to log onto a site. There’s an official extension for the most popular browsers, called KeePassXC-Browser. Once installed and configured (and with the main application running in the background) it will ask for the database password and fetch the associated entry when autofilling the login forms on a site.
A word of warning though: It’s known not to work with snap installations of browsers, which is the default installation method in Ubuntu. Be sure to use the APT version of both the web browser and KeePassXC and you should be good to go. Oh, you might have to add a permission entry in AppArmor if you’re getting “Cannot connect to database” errors, though.
Also, you might want to have some sort of cross-device sync. I know, this contradicts what I mentioned earlier about having the database offline, but the alternative would be to manually copy the database and encryption key over to every device each time you’ve added or updated an entry. Not too convenient. As long as you don’t use a centralized service, I believe you’re good though. For example, using a Nextcloud instance, you can sync between selected devices. As for mobile applications, for Android, there’s KeePassDX, which is fully compatible and can also use Nextcloud mounted storage to access the database. This is the one I’m using and can recommend.
All in all, I’m really satisfied with KeePassXC knowing that I’m in total control over my password vault and that I’m one step further from allowing Big Tech to have control over my online life.
I have just connected the blog to the Fediverse, so now you can follow it via platforms like Mastodon. Just search for and follow @thanius and all upcoming posts will appear in your feed!
Here’s a little tutorial on how to get rid of nasty stickers and residue off Nintendo cardboard boxes. Just because a box is full of stickers, doesn’t mean it can’t be fixed! Using this method you can still transform it into a presentable state.
What you will need is basically three things:
High percentage Isopropanol Alcohol
Cotton buds
Patience
Here’s my latest attempt at removing some nasty tamper-evident stickers off this copy of Super Mario Land in otherwise nice condition. This is how it looked on the Tradera/eBay listing:
The first thing I did was to empty the box so that its contents wouldn’t be affected should anything go wrong. I proceeded to lay out some paper for the table’s protection, and then soaked a cotton bud generously in alcohol before starting to massage the stickers.
Even though these stickers were thick they accepted the alcohol pretty well and started to loosen up after a minute or two. Once you see that the stickers are starting to fade and you can notice the artwork underneath, you’re almost at the finish line! Keep adding alcohol if it has dried out, but don’t overdo it at this point. You’ll want to gently rub in the alcohol, not scrub as I did and managed to ruin some of the box.
Once the stickers start to become translucent, try carefully feeling the corners to see if they are willing to let go of the priceless artwork. Don’t force them, they should just slide off. If not, add some more alcohol on top and around the edges.
This was the final result. Not perfect, but a hell of a lot better than it was before. You can see the result of me rubbing a bit too hard, but still, I’m pleased with the outcome. Looking up close, it’s barely noticeable where the stickers used to reside.
Once done, I celebrated by playing the game. I know this game by heart so it took me about half an hour to complete. I simply love Hip Tanaka’s ending theme for the game. And I must admit, the game does look good in the cabinet.
(I just realized it’s been over a year since I’ve written anything on this blog. You may also have noticed that it looks a little bit different now. This is because I intend on making this blog a part of a bigger website – a homepage, if you will.)
Why Aegis?
I’ve been jumping between different two-factor authenticator (2FA) apps the past year or two. I had earlier for a long time settled for Authy, mostly because I wanted to get away from Google and Microsoft. This app seemed robust enough, had some customizable logos for the connected services and also employed a backup feature – which at the time was MIA over at Google’s and Microsoft’s departments. It also had a desktop version that was synced, which at least at the time seemed like a good idea.
As the months passed by I slowly started to realize the flaws in Authy. Not only could you actually not customize the logos yourself, but the search engine used was simply a Google image search wrapper, meaning that logos showed up that either aesthetically didn’t fit or were totally unrelated to the service you tried to configure for. I tested this theory by simply searching for some random crap and Authy downloaded the image without hesitation.
Not only that, I realized that while it’s nice to have the OTPs synced between devices, it did this through centralization. This, in my opinion, isn’t secure at all and could potentially invade my privacy.
Enough about Authy. I’ve moved on, and so should you.
This means that not only is the code available for anyone to examine and contribute to (which, contrary to popular belief, is actually very important for security applications), it’s also available to download without the involvement of Google as it’s available through the F-Droid repository.
Second, it has all the features needed for a proper 2FA application and some quality-of-life improvements over its competitors, which I’ll get into shortly.
The only real downside for Aegis is that it’s not available for iOS. But if you’re using iOS, you’ve got other problems to attend to. Yes, by all means, please be offended.
Features
Customizable views
This is one of the most important features for me, as I’ve got almost all my accounts configured with 2FA and will be picking up my phone several times a day to fetch their one-time codes.
Since Aegis allows you to pick your own icons, or even download icon packs from them, the account is instantly recognized through its branding. And for a better overview, you may also configure how the codes are displayed in different sizes: normal, compact, small and tiles. I personally like the setting “small”.
You can also separate the codes between groups. Say you want to have your work OTPs in the same app as your private ones, you can create a group for those and have those filtered out by default. This is especially useful if you have two or more different accounts on the same service.
Security
The configurations are safely stored on your device with encryption, which can be unlocked by a password or by using biometrics such as fingerprints and/or face unlock. It also allows for a separate encryption password for the backups, should you want an extra layer of security.
Aegis can also be configured to disallow screenshots from being taken, should you ever have been infected by malware that tries to steal your OTPs. You can also configure the codes to be hidden from prying eyes until you tap on them.
These are just a few of the security settings I figured were worth mentioning.
Backup, import and export
Another key feature is being able to restore your 2FA configurations should your device ever be lost. Instead of having the vault sync using a centralized service, you can configure continuous backup instead.
Since the vault is encrypted, this means you can put your backup wherever you want. You can use your device’s automatic cloud backup as well as backup through Storage Access Framework in Android, perfect if you’ve got a personal Nextcloud server.
If you’ve got multiple devices, these can be synced using the import/export functions of the app. You can also use the import function to fetch configurations from other 2FA apps, but unfortunately it does not support Authy (this isn’t Aegis’s fault though, it’s simply because Authy doesn’t support export at all).
Final words
I mean, there isn’t much else I can share with you guys. It’s only a 2FA app, after all.
It works securely and with personal customization, it’s open and free and has awesome features. So if you’re ever in need of two-factor authentication, look no further than Aegis.
I have now, knock on wood, finally managed to set up WordPress multisite behind an Nginx Reverse Proxy with working subdomains and corresponding certificates. Previous attempts had resulted in long response times and timeouts, which almost made me give up on the idea. But today, I once again delved into the madness and started with some terminal-fu.
In previous attempts, I had installed the Fastest Cache plugin, which satisfied WordPress’s recommendation to use page and object caching, all within a single plugin. The problem with this is that it adds a lot of redirects to the .htaccess file, and I suspect that this was causing the long response times for pages and the API.
And since there are probably more people who need a setup like this, I thought I’d share my settings.
First and foremost, we need an Nginx configuration for the domain/subdomain that needs to be accessed. This configuration will also provide the pages with their certificates:
As you can see, Let’s Encrypt is already configured here. To get started with Let’s Encrypt using this configuration, set up a virtual host that only listens on port 80, and then let CertBot take care of the configuration. Once it’s done, adjust using the settings mentioned above. Note that it’s absolutely important to have a slash ( / ) after the port number in the proxy_pass command!
We’re proxying directly to port 443 on the internal server to ensure that the WordPress API functions smoothly and doesn’t need to go through multiple redirects.
The next configuration is for the local Apache server (though Nginx could be used here as well, I’m following the WordPress-recommended installation, so Apache it is!)
<Directory /var/www/wordpress/wp-content>
    Options FollowSymLinks
    Require all granted
</Directory>
</VirtualHost>
In the Apache configuration, we don’t need to set up any subdomain virtual hosts, as these are handled by the reverse proxy on the Nginx machine. We also don’t need to use a valid certificate here. Instead, we have installed a snake-oil certificate to allow us to deliver encrypted traffic to the reverse proxy.
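One consequence of the snake-oil certificate is worth checking: Nginx leaves proxy_ssl_verify off by default, so the hop to Apache is encrypted but the backend is not authenticated. The following is an added example, not the author's configuration: a small audit over a constructed proxy config that flags an unverified HTTPS upstream and a proxy_pass without the slash after the port. example.com, 192.0.2.10, backend.internal and the pinned certificate path are placeholders.

```python
import re

# Constructed sample config; certificate paths follow Certbot's default layout.
TEMPLATE = """
server {
    listen 443 ssl;
    server_name example.com blog.example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / {
        proxy_pass %s;
        proxy_set_header Host $host;  # multisite picks the site by host name
        proxy_set_header X-Forwarded-Proto $scheme;
%s    }
}
"""

# Copy the backend's self-signed certificate to the proxy and verify it there.
PIN = (
    "        proxy_ssl_trusted_certificate /etc/nginx/backend-snakeoil.pem;\n"
    "        proxy_ssl_verify on;\n"
    "        proxy_ssl_name backend.internal;  # name in the backend certificate\n"
)

AS_DESCRIBED = TEMPLATE % ("https://192.0.2.10:443/", "")
PINNED = TEMPLATE % ("https://192.0.2.10:443/", PIN)
NO_SLASH = TEMPLATE % ("https://192.0.2.10:443", "")


def directives(conf):
    """Return (name, args) for every directive; comments are dropped."""
    text = re.sub(r"#[^\n]*", "", conf)
    parts = (stmt.split() for stmt in re.split(r"[;{}]", text))
    return [(p[0], p[1:]) for p in parts if p]


def audit(conf):
    """Check the two points from the post. Simplified: ignores block scoping."""
    found = directives(conf)
    verified = ("proxy_ssl_verify", ["on"]) in found
    findings = []
    for name, args in found:
        if name != "proxy_pass":
            continue
        if not re.match(r"https?://[^/]+/", args[0]):
            findings.append("proxy_pass has no slash after the host and port")
        if args[0].startswith("https://") and not verified:
            findings.append("upstream certificate is not verified")
    return findings
```

With pinning enabled, the name given to proxy_ssl_name has to match the name in the backend's certificate, otherwise Nginx will refuse the upstream connection.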
After this, you can simply follow WordPress’s own instructions to set up the multisite configuration.
Once everything is up and running, make sure not to use plugins that add their own redirects to the .htaccess file, such as Fastest Cache, as this will only lead to issues. Instead, I recommend installing WP Super Cache for page caching and Memcached for object cache storage.