In the news recently: the password manager service LastPass was infiltrated and password vaults were stolen. The gist of it is that attackers were able to gain access to the company’s development environment and by extension raid a backup environment for customer password vaults.
Understandably a lot of people out there who have used LastPass will be very worried. Within the IT profession questions will begin over how this has happened and how we should be responding when consulting. From my perspective this isn’t a post to defend LastPass, explain the attack or analyse what they should’ve done. That’s a whole separate subject matter and whilst these questions are important what I’m going into here is the general theory of password managers, the immediate impact of the data loss on users and the potential security responses to it.
The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.
Karim Toubba, LastPass, December 22nd 2022
The attacker was able to go and retrieve customer data pertaining to their account details such as their email address, billing address, phone numbers and IP addresses that were used to access the vault. Whilst it might appear that customers got off lightly, this data is still sensitive and we’ll go into that in a bit.
Concerning the stolen vaults each one was protected with AES-256 encryption using a secret derived from the user’s master password. If users have gone with the security defaults of a 12-character password and 100,100 iterations on the Password-Based Key Derivation Function (PBKDF2) then it would take a considerable amount of processing power – potentially millions of years with the technology we currently have commercially available – to crack a properly secured vault. The attacker would have to keep hold of the trove long enough for a weakness to be found or wait enough time for the right computing power to be available and by which point the data could be useless anyway.
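To put rough numbers on the paragraph above, here is an added example (not LastPass code and not from the original post) that derives a 256-bit key with PBKDF2 at 100,100 iterations and estimates exhaustive-search time for a few password policies. HMAC-SHA-256 as the PRF, the salt, the attacker throughput figure and all function names are assumptions made for illustration.

```python
"""Added illustration: PBKDF2 key stretching and brute-force cost estimates."""
import hashlib
import math

DEFAULT_ITERATIONS = 100_100   # iteration count quoted in the post
KEY_BYTES = 32                 # 256-bit key, as needed for AES-256
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption: total attacker throughput in PBKDF2 iterations per second.
# Constructed figure for illustration, not a benchmark.
ASSUMED_ITERATIONS_PER_SECOND = 1e10


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """Stretch a master password into a 256-bit key.

    HMAC-SHA-256 as the PRF is an assumption; the post only says PBKDF2.
    """
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_BYTES)


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a password chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def expected_years(length: int, alphabet_size: int, iterations: int,
                   iterations_per_second: float = ASSUMED_ITERATIONS_PER_SECOND
                   ) -> float:
    """Expected years to hit a uniformly random password by exhaustive search.

    On average half the keyspace is tried, and every guess costs
    `iterations` PBKDF2 rounds before the candidate key can be tested.
    """
    guesses = alphabet_size ** length / 2
    guesses_per_second = iterations_per_second / iterations
    return guesses / guesses_per_second / SECONDS_PER_YEAR


def compare_policies():
    """Return (label, bits, years) rows for a few constructed policies."""
    policies = [
        ("12 chars, 94 printable ASCII, 100,100 iters", 12, 94, DEFAULT_ITERATIONS),
        ("12 chars, lowercase only, 100,100 iters", 12, 26, DEFAULT_ITERATIONS),
        ("8 chars, 94 printable ASCII, 100,100 iters", 8, 94, DEFAULT_ITERATIONS),
        ("12 chars, 94 printable ASCII, 1,000 iters", 12, 94, 1_000),
    ]
    return [(label, keyspace_bits(n, a), expected_years(n, a, it))
            for label, n, a, it in policies]


if __name__ == "__main__":
    salt = b"user@example.com"  # constructed salt value
    key = derive_vault_key("correct horse battery staple", salt)
    print("derived key:", key.hex())
    for label, bits, years in compare_policies():
        print(f"{label:46s} {bits:5.1f} bits  ~{years:.3g} years")
```

The estimate only holds for passwords chosen uniformly at random; a human-chosen or reused master password falls to dictionary guessing long before the keyspace is exhausted. Iterations scale the cost linearly, while each extra random character multiplies it by the alphabet size.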
Based on what LastPass has said I would remain cautious but anything hyper-sensitive in the vault such as email accounts, banking or financial accounts, social media accounts and medical accounts I would instantly change as a swift precaution.
As touched on above, however, customer data was not kept encrypted. Arguably the biggest risk LastPass users now face is that the attacker has enough information to go targeted phishing against victims to get either the master password for the vault or the passwords for specific websites of interest they’ve identified.
My recommendation on password managers still stands the same and that is to combine a password manager with a separate multi-factor authentication (MFA) tool for the vault and the logins it contains. At the moment my favoured tools are Bitwarden combined with Yubikeys. An important note on what I’ve just said there: I do not use Bitwarden to store MFA codes. Whilst I think that it might be a good idea to add MFA codes to a vault if you for some reason have to share the account with a team, on balance they really should be separate. Another good point to make is that MFA backup codes don’t belong in the vault either.
Yes there is considerable argument that an offline password management tool like KeePass is a much safer option but that in itself brings its own problems. What happens if you lose the vault and your backup is insufficient? What happens if you can’t get to the vault in a critical moment because it’s not with you on your person? What if the vault is stolen from you and you didn’t apply security practices as good as you thought? As always with security it’s a battle between doing the most secure thing and the most convenient option. Personally I stick with the online option so I don’t have to worry about any of this.
In short: don’t give up on password managers. The benefits of having them far outweigh going back to a shared password for all your accounts. As long as LastPass users had a decent master password on their vault, applied MFA to sensitive accounts, changed passwords for anything hyper-sensitive and most critically watch for phishing attempts then I would hope that victims will remain safe from mass attacks.
That’s it for 2022. I packed away my work laptop and phone after submitting my final timesheet of the year. Overall it’s been a great year working hard, responding to the challenges of modern working and supporting organisations whatever their mission may be.
Lots happened for me in 2022. Professionally I ascended to membership of the British Computing Society, passed a few Microsoft exams and also formally adopted permanent working from home. In my private life I helped pull off a successful beer festival and bonfire as part of Mirfield Round Table, I got close to my goal of swimming 10k by swimming…9k…but I also had my heart broken a couple of times :’-(.
Key Anticipations for 2023
It’s getting a lot cloudier out there. For my part in this I’m going to be focusing a lot lot more on cloud hosted applications whether that be lifts n’ shifts to public cloud VMs or migrating clients to cloud native solutions. Fact is they don’t want anything “on-prem” anymore. Fine by me.
I also anticipate we’ll be talking more about general ethics in IT. Whether that be privacy concerns, making the profession more inclusive or ensuring that we are safeguarding the planet for future generations we do have our work cut out for us and it’s critically important we rise to that challenge.
We’re also inevitably going to see a lot more challenges regarding security, stability and connectivity. As we move to an (arguably) post-“Wintel” desktop and server world, one that’s more cloud native and ARM powered, we will see opportunities and problems arise. A constant challenge of mine is getting applications into the hands of users in a variety of settings, devices and conditions. My personal challenge for 2023 and beyond will be to make sure I can do that for people who aren’t “Wintel native”.
However your 2023 looks I wish you a Merry Christmas and a Happy New Year.
The only recent professional development to share is that I recently joined the British Computing Society, where I’m currently in the induction phase. More on that story later but yet another shiny badge right here.
We’re fast approaching Christmas which means that winter is also looming for those in the northern hemisphere of planet Earth. Conditions in the UK are also becoming quite challenging. The cost of living crisis is making a real, human impact and we are also entering a period of economic recession. We’ve also got to adapt to Brexit whether we voted for it or not. With this in mind I’ve been making sure I’m as prepared for the winter months as best as possible to ensure I am mentally well.
I thought I’d share some tips for surviving work from home (WFH) during winter. These are written by an IT person so take and tweak accordingly.
Ensure you’re interacting with others and not just through glass – if you are like me and live alone this is not the greatest time of the year. It can get lonely and is very much a dehumanising experience. I attend Andy’s Man Club on a fortnightly basis to discuss my feelings and listen to other men doing the same in a mental health safe space. For women we signpost to Women’s Wellbeing Club as an equivalent.
Set aside your workspace – if you can make sure that your workspace is for work only, keep the door shut and talk to other inhabitants that live with you to set boundaries. This minimises the disruption and keeps your mind focused on work.
Maintain a line between work and home – on meetings ensure that you use a background, and also use a headset to ensure the conversation is kept private. At the end of the day shut down laptops & phones and then shut the door. You are done, you are human and it’s time to rest. Stick to set working hours and ensure you are setting time aside for self-care and rest. It’s not a guilty pleasure, procrastination or anything else. You need this time to reset.
Write your tasklist – write down everything you need to get done in a day. Prioritise the important things you need to do, delegate the tasks that you can to share the workload and plot the tasks that can wait for days when the load is lighter. Ensure that you ask for a deadline from colleagues and remember that “no” is not a bad word; it’s actually a good one! If there’s too much to handle you need to say it!
Exercise – get out the house daily for exercise whether that just be for a walk or for something more strenuous like a run. I’m indoor swimming now which helps.
Check in with Colleagues – keep communication constant even if that only starts with “Hello” on a morning and “Goodnight” in your team channel. Do share any big problems, unusual discoveries or even funny incidents you’ve had. This way you aren’t being forgotten about.
Journal – write down thoughts and feelings onto a suitable medium and keep track of any persistent thought patterns. If you do identify anything that’s making you feel down make sure to act on it, whether that be by raising it with your team or a manager, or by taking action yourself.
Get out for a day – contradicting a few points above but I’ve found it helpful to work from a coffee shop 1 day a week. I do have to provide mobile internet for security purposes but I’ve found that this breaks up the week and gives me something to look forward to.
Please put a comment below to share your tips or just check in if you’re having a bad day. I’d love to hear from you.
Canonical have today released Ubuntu 22.04.1 and by extension opened direct upgrades for installs running 20.04.
I was very excited to upgrade today with my StarBook Mk V but I came across an issue that’s plagued me for some time not just with distribution upgrades but occasionally with routine updates.
Situation: when you run updates/upgrades you get something along the lines of this:
The upgrade needs a total of X M free space on disk '/boot'. Please free at least an additional Y M of disk space on '/boot'. You can remove old kernels using 'sudo apt autoremove', and you could also set COMPRESS=xz in /etc/initramfs-tools/initramfs.conf to reduce the size of your initramfs.
Running sudo apt autoremove doesn’t resolve the problem and as a Linux novice I cannot speak about compressing initramfs & the implications there.
Apparently this is caused by a load of kernels the system “hangs onto” following an upgrade filling up the /boot partition. I *think* this is fixed/better handled in versions after 20.04 but I’m not so sure. Indeed it’s a very bizarre problem because surely Ubuntu ought to handle this itself, right?
Today I found out how to deal with it and I decided to share it with the internet. Disclaimer: I’m currently learning Linux and Ubuntu. This may kill your system. If it does I apologise but only slightly.
First things first: list the kernel that’s currently in use. We’re going to try really hard not to delete it.
Once you’ve made a note of that then list out the kernels that have been installed:
dpkg -l | grep linux-image
In my case there were about 7-8 listed (!!!) in addition to the currently running kernel. What we need to do is trim this list down so that we’ve got some space in the /boot partition.
At this point you should’ve got a backup and possibly consulted someone who’s a Linux expert as opposed to a Microsoft one.
Remove excess kernels by running the following command depending on what you find (replacing the version numbers of course):
You should probably keep the immediate past version to the one identified with uname -r.
This should free up enough disk space in /boot so that you can upgrade your OS however you may run into the problem I had and this is the one that’s bugged me for ages: if you remove the signed image for whatever reason apt installs the corresponding unsigned image. Not knocking a free offer but I’m not sure why that is. So anyway the trick is to purge both signed and unsigned at the same time like so:
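The procedure above as a dry-run planner, added here as an example rather than the author's own commands: it parses `dpkg -l` output, keeps the running kernel, the release immediately before it and anything newer, and builds one purge command that names both the signed and unsigned image for every other release. The sample listing, its version numbers and the function names are constructed for illustration.

```python
"""Added illustration: dry-run planner for freeing space in /boot."""
import re

# Matches linux-image-5.4.0-42-generic and linux-image-unsigned-5.4.0-42-generic
IMAGE_RE = re.compile(r"^linux-image-(?:unsigned-)?(\d+(?:\.\d+)*-\d+)-(\S+)$")
# Matches `uname -r` output such as 5.4.0-109-generic
RELEASE_RE = re.compile(r"^(\d+(?:\.\d+)*-\d+)-(\S+)$")

# Constructed sample of `dpkg -l | grep linux-image` output.
SAMPLE_DPKG = """\
ii  linux-image-5.4.0-100-generic          5.4.0-100.113  amd64  Signed kernel image generic
ii  linux-image-5.4.0-104-generic          5.4.0-104.118  amd64  Signed kernel image generic
ii  linux-image-5.4.0-105-generic          5.4.0-105.119  amd64  Signed kernel image generic
ii  linux-image-5.4.0-107-generic          5.4.0-107.121  amd64  Signed kernel image generic
ii  linux-image-5.4.0-109-generic          5.4.0-109.123  amd64  Signed kernel image generic
rc  linux-image-5.4.0-42-generic           5.4.0-42.46    amd64  Signed kernel image generic
ii  linux-image-generic                    5.4.0.109.113  amd64  Generic Linux kernel image
ii  linux-image-unsigned-5.4.0-99-generic  5.4.0-99.112   amd64  Linux kernel image
"""


def version_key(version: str):
    """Turn '5.4.0-109' into (5, 4, 0, 109) so releases sort numerically."""
    return tuple(int(part) for part in re.split(r"[.-]", version))


def installed_releases(dpkg_output: str):
    """Return {(version, flavour)} for kernel images in state 'ii'."""
    releases = set()
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "ii":
            continue  # skip headers and 'rc' rows (removed, config left)
        match = IMAGE_RE.match(fields[1])
        if match:  # meta packages such as linux-image-generic do not match
            releases.add((match.group(1), match.group(2)))
    return releases


def plan_purge(dpkg_output: str, running: str):
    """List packages to purge for the running kernel's flavour.

    Kept: the running release, the newest release older than it, and
    anything newer (for example an update waiting for a reboot).
    """
    match = RELEASE_RE.match(running)
    if not match:
        raise ValueError(f"unrecognised kernel release: {running!r}")
    run_version, flavour = match.groups()
    older = sorted(
        (v for v, f in installed_releases(dpkg_output)
         if f == flavour and version_key(v) < version_key(run_version)),
        key=version_key,
    )
    packages = []
    for version in older[:-1]:  # older[-1] is the previous release: keep it
        # Name signed and unsigned together so apt does not swap one for the other.
        packages.append(f"linux-image-{version}-{flavour}")
        packages.append(f"linux-image-unsigned-{version}-{flavour}")
    return packages


def purge_command(packages):
    """Build the command to review and run by hand; empty if nothing to do."""
    return "sudo apt purge " + " ".join(packages) if packages else ""


if __name__ == "__main__":
    # On a real system: feed in `dpkg -l` output and the result of `uname -r`.
    print(purge_command(plan_purge(SAMPLE_DPKG, "5.4.0-109-generic")))
```

Nothing is removed by the script itself; it only prints the command. The numeric sort matters because a plain string sort would rank 5.4.0-99 above 5.4.0-109.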
Third exam of the year. This time it’s AZ-900: Azure Fundamentals and yes here’s another shiny, shiny badge I can show to Mum to prove it:
AZ-900 is the easiest Microsoft exam I’ve ever done by a long way. It’s testing knowledge of Azure at a very basic level. That being said it’s definitely not one to underestimate. You need at least a superficial understanding of how Azure works and what the key concepts are with cloud computing.
On May 5th 2022 Microsoft adjusted the exam and made it even more fundamental going as far as removing the bits about databases. A lot of the resources you’ll find on the internet therefore probably go far too into depth.
This one along with DP-900 completes the two exams I needed to do this year so I am very pleased with both passes and both done first time.
This also means I get another shiny badge to put up on this blog so here it is and yes you can click to verify I’m not fibbing about it:
The Study Plan
I could’ve very much done a copy and paste job on the DP-900 effort I did earlier this month but that would’ve meant that I couldn’t write another witty title and that would be boring.
I have now 6 years experience deploying, patching, configuring, troubleshooting and tweaking SQL Server. In these exams well founded experience and knowledge of what you’re being tested upon helps.
Used the learning path for DP-300 on Microsoft Learn. I’ll admit at this point I did not finish the last two modules on Automation and High Availability but thankfully I did very well on those questions.
Again, used the Measureup practice test and yes some similar or even the same questions came up on the exam. I did start to notice with this test that I began learning the answer by recognising the question rather than understanding what was being asked. The note of caution here is to not rely on this too much as there’s only 122 questions in the bank.
It’s quite a hard exam to do and I found it challenging. Whilst SQL Server is familiar to me Azure SQL Database is completely new. I had a lot to learn in a short space of time but I got through comfortably. If you’re taking the same exam soon then all the best to you.
Should be noted that the contents of the exam changed on 5th May 2022. From the updated skills measured sheet it would occur to me that they made the new format more “fundamental”. That’s not to say it’s an outrageously easy exam. I had to learn a few new concepts but as someone with an interest in SQL Server I enjoyed the learning process.
Here’s the badge to say “I did it”.
The Study Plan
I attended the free Azure Virtual Training Day: Data Fundamentals from Microsoft. Each session was just under 4 hours long and was a pre-recorded video. By attending across the two full days you receive a credit to take the exam for free so not only do you get an intro to the subject you also save £69 for the exam.
Used the Azure Data Fundamentals Learning Path on Microsoft Learn. This was a good source of basic knowledge and a few free labs on Azure were available too. Made lots of notes here to revise with later on.
Subscribed to the official practice test available on Measureup.com. Some questions in this practice test came up on the exam although it must be said that the practice test probably does not reflect the May 2022 changes just yet but keep an eye on the website for more info. I put the test in practice mode and set it to explain wrong answers to strengthen my knowledge and further improve my notes.
Overall not the hardest exam to pass. As long as you understand the subjects in the exam you’ll have no problem passing it. All the best!
It’s finally here! I’ve long run a combination of a custom built ATX gaming PC and also a Dell XPS 9360 laptop. Both have served me well but both are overdue a replacement after a long lockdown. I had previously seen Star Labs’ StarBook MkV mentioned on OMG! Ubuntu! and I was very keen to give it a try.
I placed an order for the StarBook Mk V back in August 2021 and after a patient wait it was finally delivered early December. I’ve now had an opportunity to use the laptop for a decent amount of time so here’s the review!
Battery: 65Whr (quoted at up to 11 hours battery life)
Warranty: 1 year limited
For the full details check out the Star Book specification page.
I also added in a StartPort adapter (£69) and USB Recovery Drive (£9) to bring the total cost including an early order discount to £1,511. Given Star Labs are a smaller scale manufacturer than the likes of Dell the price versus specification didn’t seem too bad to me. I considered another Dell XPS 13 on the shortlist and didn’t feel that the StarBook Mk V was poor value by any stretch.
There are quite a few choices of Linux distribution available. For selected distributions Star Labs will also contribute some of the sale price to the maintainers. If you really want it for some reason you can also have Windows but that would arguably break the spirit of the product. For my laptop I chose Ubuntu 20.04 LTS combined with coreboot firmware.
Packaging & First Looks
The StarBook Mk V arrives in some seriously sublime packaging that’s been custom designed for the job. The outer carton is even branded Star Labs. Inside the box I found the laptop securely packaged with foam bumpers with the accessories packaged in two separate boxes. Unfortunately I did not have a Cat available to thoroughly test the packaging but I am sure they’d be impressed too.
The actual box for the laptop features schematics of the device at each respective elevation. It’s another great finish to the product and oozes that due care and attention to detail I’m craving.
Plastics report: I hate unboxing but here it’s worth mentioning that the laptop comes in a blue Star Labs sleeve and a screen protector cloth in place of any plastic on the trackpad or screen. Whilst the sleeve isn’t suitable as a day-to-day carry case it is very useful to have. I keep the sleeve on the laptop then put it into a carry case to protect from scratches from other accessories.
There were plastic bags for the shipping document, USB recovery drive, charger, charging cable and the UK plug adapter. These along with the foam bumpers are the only plastic you’ll receive in the box. Considerably better than quite a few PCs I have unboxed.
Around The Chassis: Screen, Webcam, Keyboard & Trackpad
The Star Book Mk V features a matte black anodised aluminium chassis housing a 14″ IPS screen and your choice of keyboard (UK, US, German, Spanish, French and Nordic are available). The lid has the Star Labs logo embossed on there and it looks seriously classy. It’s a very fine looking laptop with a premium feel to it.
Connectivity wise you’ll find the following ports on the StarBook Mk V (from nearest to furthest from you):
2 x status LEDs
Thunderbolt 4 / USB 3.0 – Type C with Power Delivery
USB 3.0 – Type A
DC Charging Jack
Micro SD Memory Card Reader
USB 2.0 – Type A
USB 3.0 – Type A
3.5mm Combination Jack
Should I have been let loose designing this laptop I would have definitely sacrificed a USB Type-A port or perhaps even the charging port for a Type-C port so I can keep a Yubikey connected with the docking station at the same time but each to their own on that regard.
One of the things I had a hard time deciding upon was the screen versus the Dell XPS 9360. Dell packed out the 2016 XPS 13 with a very good QHD+ IPS screen and that was something difficult to let go of. The Star Book Mk V screen next to the XPS 13 is a not quite as impressive 1080p IPS screen but still it’s very good. It’s actually surprisingly bright and colours don’t seem washed out at all. Supposedly this screen works out at 400nits average brightness according to Star Labs. I have to acknowledge here that if you are looking at other laptops at a similar price point you’ll probably find more screen choices such as higher resolutions and different ratios, but unless you need a screen for high end graphic design the Star Book Mk V should surely fit your requirements. One thing I do not miss from the XPS 13 is a touchscreen; that’s got no place on a laptop as far as I’m concerned.
A non-descript 720p webcam is included. The positive change from the XPS 13 is the position! On the XPS 13 Dell placed the camera bottom left of the screen. People would often comment about the weird angle and being able to see my fingers as I typed on video calls. Returning to a top and centre webcam is definitely a welcome change although it’s not a very wide angle lens and doesn’t have a privacy shield if that’s your thing (you can disable it in coreboot configurator but more on that later). Like most laptop webcams it’s good-not-great but will more than suffice for day to day video calls.
Next to the keyboard on both the left and right flanks you’ll find 4 x 4 Ohm speakers which are more than adequate as far as laptop speakers go. Certainly not studio quality but for any serious listening or gaming you’ll definitely want headphones. I found them very much acceptable for watching some tutorial videos and I’m sure they’ll be fine for TV and Films on the go as well.
Keyboard wise this laptop also delivers. The backlit keys are generously large, well spaced out and smoothly finished to the touch. Typing on the keyboard you’ll find firm but forgiving resistance. There is slight flex in some places on the chassis but you’ll have to look closely for it so nothing to worry about. Star Labs have added an Fn key with the usual stable of F key controls as well. One mild bit of entertainment for me is that there is no Windows key! On this keyboard it’s the “super” key and that’s not something I’ve ever seen before except with Macs.
At the bottom of the chassis the StarBook Mk V features a smooth glass trackpad with separate left and right clicks. There is a bit of a gap between left and right which does take a little bit of getting used to. Again I found the trackpad very responsive and easy to use. It also supports mouse gestures such as double finger scrolling which is a welcome feature. The glass does tend to pick up some oil as you use it so I’ll probably refrain from scoffing snacks whilst working with this laptop.
Performance, Battery Life & Storage
Inside the Star Book Mk V you’ll find an 11th generation Core i3-1110G4 dual-core with UHD graphics or i7-1165G7 quad-core processor with Xe graphics. The Core i3 variant wasn’t available at the time of ordering but that’s OK because I wanted speed not steadiness. With the configurable TDP (Thermal Design Power) profile set to Performance (28W) I returned the following Geekbench 5 result which compared quite well to other results I found such as the Microsoft Surface Pro 8:
One interesting thing about this laptop is that you may opt for a standard American Megatrends firmware or use coreboot instead. Initially I thought coreboot was perhaps not the right choice for me but eventually decided to give it a go. Opt for coreboot and you can use the nifty coreboot configurator app from the StarLabs PPA to tweak the laptop. Everything can be tweaked here from disabling devices, configuring the processor TDP and adjusting the keyboard backlight timeout:
Thanks to the supply crisis we find ourselves in a fortunate situation regarding the battery. The specification was upgraded for free to a 65WHr battery. That did incur a few weeks delay for certification but it was generously received nonetheless. Under Ubuntu 20.04 with the balanced power profile set in coreboot, at 50% display brightness and doing a variety of tasks, I’m getting probably around 6-8 hours out of the laptop without TLP or Powertop in use. That’s a bit short of the up to 11 hours claim (whose isn’t) but it’s a comfortable figure for day to day work.
For whatever reason at the time I decided to opt for 64GB of DDR4 memory despite having no real use case for it. Configurations ranging from 8GB all the way up to 64GB are available and – unusually for many notebooks these days – you can replace the memory if you need an upgrade.
A small note on the memory configuration. A manufacturer using this and similar CPUs can configure it with DDR4 SO-DIMMs like the StarBook, which maxes out at 3200MHz, or it can be configured with LPDDR4X at 4277MHz. Whilst the advantage of using SO-DIMMs is that they are replaceable it should be noted that LPDDR4X brings overall higher memory bandwidth. If you are buying a laptop with Intel Iris Xe then you should know that memory bandwidth is everything and that SO-DIMMs work out slower so watch out for that in any benchmarks you see out there.
The laptop comes with an Intel AX201 WiFi & Bluetooth module. Connected to my AVM FRITZ!Box 7530 (WiFi 5) I have found it to maintain a solid signal with no drop-outs. Sadly with a 26 Mb/s internet connection I will be unable to fully stretch it however for any HD streaming from your NAS this will do the job. I have had some concerns raised to me privately about WiFi. I contacted the team at Star Labs who suggested some tests and we were unable to find any fault.
The Star Drive SSD is worth a mention independently. I did some digging on the specifications page and found that the SSD uses a Phison PS5018 controller with 96 layer Micron B27B memory. KDiskMark returned the following results with the default 5 passes of a 1GiB file:
It’s taken a while to get this notebook but it’s definitely been worth the wait. It’s been a very pleasurable experience using the StarBook Mk V with very little to disagree about. Overall the Star Labs StarBook Mk V is a solid contender for your shortlist and I’d recommend it for Linux users.
Last week I was involved in a brutal massacre. A total of 10 innocuous work shirts were killed off (alright, taken to the local charity shop). In view of the fact that some of us in IT aren’t going back into the office anytime soon – if ever – it made absolutely no sense keeping the offending unoffenders only to take up the wardrobe space. Give everything a purpose right? They have therefore been retired. Forcibly.
What’s next for workplace fashion you ask? No idea to be honest. Polos, T-shirts, jeans, hoodies, everything I never thought I could get away with now all normal work attire. Just as long as you’re presentable on video calls you can do it. The dream has been realised. Irons and ironing boards everywhere quake in fear of what happens next.
This week’s big release has been Ubuntu 21.10 codenamed Impish Indri. This is an interim release with 9 months of support from Canonical.
There are lots of changes to talk about here. This release brings Linux Kernel 5.13, Firefox as a snap by default, GNOME 40 with horizontal workspaces as well as tweaks to the UI, touchpad gestures and zip password support in Nautilus as a few examples.
I’ve installed this to my Dell XPS 9360 this week. So far I’m really liking the horizontal workspace change. It’s admittedly a feature I’ve never got used to working with for Ubuntu and Windows alike but I’ve decided to give it another go.
The change to Firefox as a Snap app is a controversial choice given the reception of snaps. Personally I’m not noticing much of a difference and so long as security updates come in on time I don’t think I’ll be too bothered about it.
You can upgrade your existing Ubuntu distribution to 21.10 now but if you haven’t tried Ubuntu now’s a really good time to Download Ubuntu 21.10 and see it for yourself. As before if you get the torrents I’ll be pleased to serve you the bits.