As a former CS student and an ITer, computers have become an inevitable part of my life. How to manage computers and peripherals well is an ever-changing problem.
Why does this problem keep changing?
Environments Decide the Requirements
When I was in university, what I could control was just a tiny desk in the dormitory. So at that moment, I hoped all the peripherals would be slim and wireless so I could quickly put the mouse and keyboard into the drawer without unplugging the cable.
I have to say that if we forget to turn off the mouse and keyboard, the receiver drains the battery really fast 😂. There was no Bluetooth then, and the early versions of Bluetooth were unsuitable for data transmission between computers and peripherals.
Looking at the HUGE CRT and chassis, having a laptop became my dream then. In this way, I could take it everywhere. Especially during summer and winter vacations, I could take it home 🤭.
After graduating, nearly all my computers have been laptops. Following Apple's lead, most manufacturers are simplifying the ports on their laptops, so I have to make sure most of my peripherals support Bluetooth. Then, due to the need for confidentiality at work, I had to ensure all my Bluetooth devices could remember multiple pairings, so that I could conveniently switch one set of peripherals between my personal laptop and my office laptop.
Is Wireless Always More Convenient than Wired?
However, due to the requirements of my employer and myself, my device management has become incredibly complicated 🤦. I need to ensure one set of peripherals can switch smoothly across four laptops and one chassis. Obviously, Bluetooth is unable to handle this.
By the way, owning five laptops is not weird. When I was working on a mobile project at my former former company, I had more than ten cellphones, several tablets, and four computers, but of course, nearly all of them belonged not to me but to my employer. At that moment, there was no cloud testing platform for mobile projects, so all the tests had to be run on local devices.
Let's get back to the main topic. Luckily, most of the peripherals I had were dual mode, meaning they supported both cable and Bluetooth; this let me figure out a compromise solution. I connected the keyboard, mouse, and display to one multiport adaptor, and I could easily switch this adaptor from the currently connected computer to another one. Since the COVID situation is not so intense now, I sometimes need to go to the office. When I do, I can unplug the display and put the laptop into my backpack with the adaptor, keyboard, and mouse.
Days ago, one question popped up in my mind. If a device named an HDMI switch can switch video sources smoothly, why is there not a device that can help us conveniently switch peripherals across computers? Then I found it: the KVM switch. This KVM is not a Kernel-based Virtual Machine; it is the abbreviation of Keyboard, Video, and Mouse.
A KVM switch (with KVM being an abbreviation for “keyboard, video, and mouse”) is a hardware device that allows a user to control multiple computers from one or more sets of keyboards, video monitors, and mice.
This switch really saved my life. I don't need more than one set of peripherals to cover all my computers, and I don't need to plug and unplug cables whenever I switch between my laptops. This switch also makes my desktop tidier, although it is still not quite tidy.
Choose the Suitable KVM Switch
KVM switches come in many types, and choosing one is not easy. If you want one, keep an eye on the tech specs, especially the HDMI part.
Confirm the number of devices you would like to switch across.
The type of USB ports. Because of the speed gap between USB 1 and USB 2, choose based on your own devices, such as whether you have external high-capacity storage devices or similar.
The type of HDMI ports. If you have devices supporting HDMI and Dolby Vision, such as Apple TV and Xbox Series X, please check whether your chosen KVM switch supports this. HDR also comes in several video formats, such as HDR, HDR 10, and HDR 10+. The same goes for audio: its encodings vary.
High resolution and refresh rates are pretty important for video and game enthusiasts.
Hot-swapping support also affects the user experience a lot.
Hopefully, this small talk can help those of you with multiple computers a little.
Statement in advance: this post includes personal account security and credential management, but it is just casual writing that includes some of my boring dailies. 😂 So please kindly do not regard this as a knowledge post.
Obviously, the Internet is becoming an inevitable part of our lives, and accounts are also becoming an unavoidable part of the Internet. Actually, long ago, except for services built around individuals, such as forums, games, and E-mail, we could use most Internet service providers (ISPs) without an account. The ISPs could use a tiny browser cookie to hold all the anonymous and temporary personalized content. And at that moment, the ISPs didn't have much desire to dig for personal information. 🤣 It was pretty easy to memorize all the credentials because nearly all of them were one combination of user name and password, or random combinations of several user names and passwords. With the rapid development of the Internet and the growing desire for personal information, we need to create more and more accounts to sign up with the ISPs. The more personal information the accounts include, the more cybercriminals target our accounts. So the ISPs issued many restrictions on passwords, and our old-school way didn't work as well as before.
The password needs updating periodically. – More backup passwords can handle this.
The new password should not be the same as the several previously used passwords. – Fine! Let us prepare several passwords for rotation.
Simple passwords are not allowed. – Cool. It seems we need to prepare several complicated passwords.
The new password should not be the same as all the previously used passwords. – Are you kidding me?
Due to the above, this kind of conversation always happens between my wife and me.
My wife: I need to use XXXX for YYYY.
Myself: You need to sign up before using XXXX for YYYY.
My wife: Let me check.
One thousand years later…
My wife: It shows that I have already signed up for this before, but I cannot recall the password.
I helped her to retrieve the account and set a new password, then asked her again and again not to forget again. I was definitely sure that she would forget it again.
My wife: How do you memorize so many user names and passwords?
Myself: I cannot recall passwords either; sometimes I can't even recall the usernames…
My wife: So, how do you log in?
Myself: With the help of the password management tool.
My wife: It sounds complicated… Will try when I have time.
Myself 😓 …
This kind of conversation always happens periodically.
As more and more accounts need managing, I really cannot do that without a password management tool now. But I did manage with the rotation of several passwords for a long while because the password management tool was tough to use before:
It couldn't sync between devices. I had to manage all the accounts on a specific device, which I called the primary device, then export the accounts from the primary device and import them into the other devices. It seems pretty ridiculous now that everything can live in the cloud, but I really did this for quite a long while.
It was not cross-platform. At that moment, due to the unstable market distribution of web browsers and mobile operating systems, there seemed to be several colossal mountains between Microsoft, Google, and Apple. It was really hard to find any software that was compatible with Mac, Linux, Windows, Android, and iOS, and also with Chrome and Internet Explorer, not to mention a cross-platform password management tool.
Terrible user interaction (UI). It was not bad on PC because the tool could automatically fill in the user name and password via a browser extension. But on a cellphone, it was really a nightmare. Can you imagine that the password management tool could only fill in the user name and password automatically when accessing the website with its built-in browser? I could not stand the built-in browser, so I had to copy and paste the user name and password from the password management tool. Not to mention that some webmasters forbid copying and pasting in the password textbox.
So after I had tried the password management tool for a short while, I reverted to the old-school way of password rotation.
Reading till here, I believe that some guys may wonder why this guy used so many different browsers and operating systems. Not for complicated reasons:
At that moment, my office laptop was a Mac, and my personal laptop was running Ubuntu and also Windows due to game compatibility.
Due to the on-call policy, I brought one office cellphone and one personal cellphone. One was an iPhone, and the other one was an Android phone.
Firefox is my favorite web browser, but back then I mostly used Chrome on Mac and Windows, and Chromium on Linux. There were also several unavoidable sites, such as bank sites and government sites, that only supported the disgusting Internet Explorer 6, so sometimes I still had to switch to IE.
Personal Credential Management
Since Chromium is getting more complete and Firefox is more popular than before, most applications provide extensions for Chrome and Firefox, and more and more of them also provide one for Edge. Thanks to Autofill and Accessibility on Android, and the AutoFill Passwords setting on iOS, I rushed back to the password management tool. After trying several options, Bitwarden is my final choice because:
It can sync between devices, so I can manage all the accounts on any device.
It provides extensions for Chrome, Chromium, Firefox, and Safari. This totally meets my requirements.
It supports both iOS and Android.
Even if some ISPs leak accounts, using different passwords for different accounts can significantly prevent credential stuffing.
The free version is good enough.
With the help of the password management tool, when I sign up for an ISP, I can use the password generator to create a complicated password instead of figuring it out by myself. I usually tick all the options to make sure the generated password can meet all the requirements of different ISPs.
When you use the generator to get a password, you can also let Bitwarden save it in its vault automatically. From then on, Bitwarden can help us fill in the user name and password of this ISP account, so we no longer need to memorize the complicated password. This way, the passwords of different accounts are totally different, which can significantly prevent credential stuffing.
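The generator step and the reuse problem described above can be sketched as follows. This is an added example, not code from the original post and not Bitwarden's own implementation; the symbol set, the function names, and the vault entries are assumptions constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Character classes a generator typically lets you tick; the symbol set is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*",
}
ALL = tuple(CLASSES)


def covers(password, classes=ALL):
    """True if the password has at least one character from every ticked class."""
    return all(any(ch in CLASSES[c] for ch in password) for c in classes)


def generate(length=20, classes=ALL):
    """Draw from a CSPRNG and reject candidates that miss a ticked class.

    Rejection sampling keeps every valid password equally likely, unlike
    forcing one character per class into fixed positions.
    """
    if length < len(classes):
        raise ValueError("length is too short to cover every ticked class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if covers(candidate, classes):
            return candidate


def entropy_bits(length, classes=ALL):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(sum(len(CLASSES[c]) for c in classes))


def reused(vault):
    """Group sites that share a password: one leak exposes the whole group."""
    by_password = defaultdict(list)
    for site, password in vault:
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


if __name__ == "__main__":
    # Constructed vault entries (not real accounts or passwords).
    vault = [
        ("forum.example", "Summer2019!"),
        ("shop.example", "Summer2019!"),
        ("mail.example", generate()),
        ("bank.example", generate()),
    ]
    print("shared passwords:", reused(vault))
    print("bits for 20 chars, all classes: %.1f" % entropy_bits(20))
```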
Personal Account Security
Password management tools are really helpful, but they also raise a question: if the Bitwarden account is hacked, does that mean all the accounts will be hacked? To answer this, we need to break it down into two questions:
How do we minimize the risk of Bitwarden account theft? Because Bitwarden is the portal of all the accounts, we can't set an extremely complicated password for Bitwarden.
If the Bitwarden account is hacked, how do we ensure all the accounts in the Bitwarden vault cannot be easily hacked?
Two-factor authentication (2FA) can help us.
Multi-factor authentication (MFA; encompassing authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorised third party that may have been able to discover, for example, a single password.
Based on the Wikipedia definition above, in a nutshell, besides providing the user name and password, the user needs to provide at least one more piece of evidence before getting access to the account. For example:
OTP SMS. This is quite popular for 2FA, and sometimes it becomes the first authentication method. To be honest, using OTP SMS as the first authentication method without 2FA is really a bad idea. If your phone is lost, someone can take the SIM out of your phone, easily get your contact number, and log in to your account with OTP SMS without unlocking your cellphone. So to prevent this, I have enabled SIM lock on all of my SIMs. That is to say, if my cellphone is rebooted or the SIM is put into a new cellphone, the SIM will not work, and the cellphone will show no signal or service. If the PIN is entered wrongly three times, the SIM will be locked unless you can provide a correct PUK or get a new SIM from the carrier.
OTP generated by authenticator apps. Microsoft Authenticator and Google Authenticator are the most popular. I recommend the former because it can sync between devices. Once, when my cellphone malfunctioned, I could not get the OTP via Google Authenticator to log in to an account containing some important historical information. The support was quite “dedicated” and refused to reset my Authenticator binding, even after I provided my user name, password, E-Mail address, and a list of previous login locations and times. 🤦‍♂️
The recovery codes issued when binding an Authenticator. Please do take note of them unless you can be sure you will never lose the bound Authenticator; otherwise you will face the same issue I mentioned above.
Security keys. I will explain later.
Let’s get back to the first question. How do we minimize the Bitwarden account theft? Enable the 2FA of the Bitwarden account.
The answer to the second question is the same. Enable the 2FA of all the accounts if ISPs support 2FA.
Issues when 2FA is enabled
Please ensure you enable at least two different 2FA methods if the ISPs support them.
OTP SMS is quite convenient until you would like to update your contact number. I needed to update my contact number once due to relocation to another city, and I couldn't recall all the ISPs bound to my previous contact number, so I could not update the contact number of all the accounts. Even if I could recall them, it would be horrible to update them all over again. Now, with the help of the password management tool, I can easily list and categorize all my accounts. For example, all the accounts bound to my China contact number are in one category, all those bound to my Singapore contact number are in another, all those bound to security keys are in a third, etc. Also, I activated at least two 2FA methods to ensure I don't need to update all the account security settings immediately.
Try not to use 2FA methods that change often, such as contact numbers. Instead, I prefer E-Mail and security keys.
If 2FA methods that change often are not avoidable, make sure you have a backup method. Mainly, I bind two contact numbers on my essential accounts. In particular, I bind two security keys if security key authentication is enabled, because security keys cannot be duplicated in a usual way. I take one with me and put one in a safe.
Mentioning security keys takes me back to my university days. The banking industry was really backward then: online and mobile payments were not available yet, and even credit cards were not expected. We had to pay in cash nearly everywhere.
Near the end of my university life, several banks, such as CMB, released online payment and online transfers. But the processes were really complicated. Whenever I wanted to use them, I had to meet four requirements:
Windows OS. So I had to install a Windows virtual PC on my MacBook.
A piece of management software that the bank provided, which only supported Windows OS.
Internet Explorer, because the bank's password input component was an ActiveX control that only supported IE.
One dongle named U Key, which could only be used to operate bank accounts.
Due to the complexity of the operation and my lack of need, I mostly preferred doing transfers via ATM. And due to low utilization, I lost the U Key twice when I moved to a new dormitory or accommodation. If I wanted to apply for a new one, I needed to apply to disable the lost one first. The application for a new one could only be processed 24 hours after the application to disable. It meant I needed to bring lots of documents to the bank twice. Terrible!
I updated my contact number again after arriving in Singapore, and this made me think about trying a security key again. It looks amazing that there are tens of security keys supporting Universal 2nd Factor (U2F). Supporting U2F means that I can use one security key as the 2FA method for nearly all my accounts and don't need to assign each account a different key. Finally, I chose YubiKey after going through lots of reviews. If you have difficulties selecting a suitable model of YubiKey, you can use this chooser provided officially. 😂 You can also choose an appropriate security key from the list above.
If you would like to use a security key to authenticate on your cellphone, please choose the NFC model. Because most apps can now read security keys via NFC, you can simply tap your key on the back of the cellphone to authenticate.
One tip. If you choose the NFC model, I highly recommend using a steel cable keychain like the one below. If you still use the common hard steel ring keychain, it will affect the NFC reading of the cellphone because the ring keeps the key from lying flat against the back of the cellphone.
The abilities of a security key go far beyond account login. For example:
It can authenticate the PC login; that is to say, you need to plug in the key to finish the login after starting the PC. After all, the theft of theses and dissertations is not rare anymore. Of course, if your documents are important enough to enable the security key for the PC login, don't forget to encrypt your disk in case someone takes your hard disk out of your PC. 😂
With an NFC module and a digital lock supporting open source home automation, you can use a security key to unlock the door.
Of course, we can also use an outdated NFC-supported cellphone as an NFC reading module to create more exciting ideas with an open-source home automation application.
It can manage your GPG key for passwordless SSH login and passwordless GitHub repo operations.
The above is just a starting point, and you can dig further.
You may be aware that this is not the first time I have created a blog based on the title, and I think this is good timing for me to recall the history of my blog. Since it happened a long time ago, the timings mentioned may shift a little from reality. Here is the evolution of my blog:
Self-built with WordPress
The blog started to become popular in China when I was a sophomore, so most of the famous web portals released the blog services. I also registered for one on the Sina Blog service to catch the trend. But I didn’t manage it well, and I just regarded it as a notebook.
After a short while, I found that Sina Blog services set up too many limitations. As a CS student, I couldn’t stand that. Therefore I decided to transfer my blog to Live Space which Microsoft just released. There were not many posts, so I manually moved them. At that moment, I began to post more about myself on my blog and regarded it as a place where I could share my emotions other than as a notebook.
When I was a second-year graduate student, self-built blogs on VPC became the trend. Based on the recommendation from Solrex, one of my classmates, I registered a domain name and continued my blog using WordPress on a Hostmonster VPC provided by Jun Gu. I chose iron-feet.cn as the domain name of my blog. I never expected that selecting a CN domain name would turn out to be a huge failure, and I will share why later.
At that moment, there were lots of posts. Manually transferring them one by one was really a mission impossible for such a lazy guy as me, not to mention that I needed to retain all the tags, updated times, etc. I implemented a GUI tool to move the whole blog from Live Space to WordPress to finish the transfer rapidly. I didn't open-source this tool due to a lack of open-source awareness then, and I lost the code when I switched to a new laptop. What a pity! If I had open-sourced it, this tool could have helped others a lot when Microsoft shut down Live Space.
After I started using WordPress, my blog changed a lot in my mind. I started to put a lot of effort into managing it. I made sure that I posted once every week and quoted only the excellent parts of others' posts, indicating the source, instead of quoting whole posts directly. And most of the posts had to be technique-related.
In comparison to other CMSs, WordPress was quite good. However, it still had many issues since the version I was using was quite old, such as encoding issues, dirty DB data caused by version upgrades, the backend hanging due to plugin upgrades, code reverted by upgrades, etc. If I introduced them in detail one by one, I could publish several more posts. 😄
RSS was once quite a popular way of subscribing to blogs, so many bloggers liked to use the RSS subscriber count to show the quality and popularity of their blogs. I was also one of them. But the built-in statistics of WordPress were a total mess, so we preferred to use Feedburner to burn a feed. Feedburner could also fix some XML syntax issues in the original RSS.
Bloggers also showed the Feedburner subscriber count on the page, as below.
But it was pretty hard for bloggers whose audiences were mainly in China to show this fantastic counter. This counter is inaccessible from China because Feedburner is under the Google domain, which is google.com.
To resolve this, I had to implement a plugin named ImgCache. If the attribute “ref=imgcache4wordpress” is added to an <img> tag, ImgCache will automatically save the image to the local disk and replace the link with the local path so that the image becomes accessible from China. I used this approach to show images provided by Feedburner and Twitter.
The plugin was last updated 12 years ago. These days I went through this plugin and could hardly bear my poor English and coding. It says I will resolve the known issue in the next release. So it seems nothing needs to be fixed if no newer version is released 😅. Maybe I should take some time to release a new version to fix that.
Besides ImgCache, I also implemented another plugin called Custom URL Shorter. I know shorter should be shortener; please ignore it 🤦‍♂️. The plugin name could not be updated then, and I am not sure whether it can be updated now. A single slip may cause lasting sorrow. (Developers can update the plugin name now, and I have updated the name to Custom URL Shortener.)
My blog meant a lot to me, but I made a tough decision three years after I graduated from the graduate university: shut down my blog.
I kept being annoyed by these:
The blacklist approach of the GFW: once a site on an IP outside China contained any sensitive data, that IP would be blacklisted. That is to say, all the sites using this IP would be banned from China. So I had to ask the VPS provider to change the IP repeatedly, with no sign that the situation would get better. I was not sure whether it was due to the GFW, but accessing my blog from China became unstable, while accessing it from outside China was quite good.
The complicated registration: the instructions for registration kept changing. The MIIT always asked for new files and documents, asked to renew the information, and asked to add further information on the pages. Every time, an E-mail would arrive with a very close deadline. If you could not meet the requirement in time, your site would be shut down immediately.
Cyber attacks: After joining an Internet company, I became swamped, so I always forgot to upgrade WordPress to apply the security patch. Therefore, my blog was attacked several times. Although I had backups, restoring still took much time.
Working overtime in the daytime and dealing with non-technical stuff such as the GFW, registration, etc., in the evening really made me tired. Finally, I gave up and chose to shut down. Shutting down my blog has always stayed on my mind, and it isn't easy to erase.
Actually, I already planned to reopen the blog when I arrived in Singapore. But joining a foreign company for the first time delayed this plan, and the arrival of my wife and baby delayed it again. I never thought that taking care of a baby without the support of elders would be so difficult. Finally, I have decided to reopen the blog now. Because I have not touched this for a long time, I don't know much about the VPS providers. Thanks to Xintao Lai for recommending DigitalOcean to me.