Jonas Voss

For 10 år siden fik jeg snitterne i en Google Nexus 7 tablet. Den fungerede i nogle år, men blev ramt af bootloop. Jeg forsøgte at fikse det dengang, men jeg havde ikke rigtig held med det, så den røg i skuffen med ting jeg måtte bekymre mig om senere.

Forleden dukkede den så op i min skuffe da jeg gravede efter noget andet, og jeg tænkte, at det måske var nu jeg skulle se om jeg kunne redde den. Tilfældigvis stod jeg lige og manglede en underholdningstablet til den 2-årige arving, og den var en yderst oplagt kandidat til det formål.

Der er sket meget siden jeg sidst forsøgte at redde denne Nexus 7, og jeg kunne med glæde se, at Lineage OS havde en officiel ROM til den. Så igår aftes flashede jeg den gamle Nexus 7 til Lineage OS 18.1 (Android 11), og det er nu blevet et ret fantastisk lille stykke hardware, når kravet er underholdningstablet: Skærm med 1080p, 32Gb lagerplads, og trådløs opladning.

Jeg fulgte instruktionerne fra wikien på LineageOS hjemmeside, og det virkede næsten som det skulle, på nær en fejlmeddelelse da jeg skulle formatere den interne lagerplads med kommandoen fastboot -w. Det brød den sig ikke om, men installationen fungerede fint på trods af dette.

Det er nogle år siden jeg sidst flashede noget gammelt hardware, og det er altså blevet en hel del nemmere nu synes jeg, og det er kun en god ting.

Den ekstra bonus ved LineageOS er, at den kommer udelukkende med FOSS apps. Som underholdningstablet har den ikke brug for at vide hvor den er, eller hvem der kigger, og med LibreTube kan man downloade videoer, så den fungerer også glimrende off-line.

Tried to activate an American Express credit card, via the American Express Android app today. Turned into a field study of assholedesign. I wonder if anyone from their customer service team, or their developers ever tried to follow the sign-up flow themselves.

Issue #1 - Secret rules

The fields the user needs to fill out, has no guidance on what qualifies as a valid input. I put in a username, and a password I deemed safe to use.

The app told me the following:

"User ID must contain at least one number."

Ok. I add a number to my login and that worked. It wasn't clear I had to from the beginning.

Issue #2 - More secret rules

I then type in a password. It's 11 characters long, and includes one number, and one special character. That mix usually works.

The app tells me:

"Password not valid, please refer to Terms for details."

What's wrong with writing the requirements in the error message or, and I know or it sounds a bit crazy, right next to the field you need to fill it into (like the Norman Nielsen Group has told us since 2015). At least they could have included a link to the "Terms" where these sacred details can be found. Anyway, I ended up getting a generated one from KeePass, but I still don't know what they rules are for their password.

Issue #3 - Dark design pattern

For the final example, this is how their marketing box looks like:

Notice how the promotions opt-in checkbox is next to the text saying:

"Your email address will not be shared with other companies to market their own products and services. You can update your preferences later if you wish."

This gives the impression that by checking the box, you agree to them not giving out your email address to other companies, while checking it opts you in, to receiving email promotions from American Express.

If you are designing a sign-up form for anything, please don't make me guess what I can put into the fields. It's a bad user experience that, with just a modicum of thought and testing, could be turned into a great experience. 

#darkpatterns #ux #rant 

I've been looking for a different way of consuming Instagram. Facebook has introduced more and more features in their neverending quest to wrestle users from Snapchat and onto Instagram, and I don't care for those. I like Instagram, the photo sharing part, not so much the TV and Stories part. The other reason is that whole privacy thing, of course. Turns out big social media players weren't quite the stewards of our personal data we were hoping for, and spending less time on actual social media websites seems like a good thing.

Except for some musicians and photographers, I don't follow brands on Instagram. I mainly follow people I know. Family, friends, and tags. Being a camera and photo enthusiast, I enjoy looking at photos taken with a variety of cameras and film, and a lot of people use Instagram to show their analogue makings.

For a while I used an app called Hermit on Android. Hermit is a wrapper that turns mobile web versions of websites into apps. It has ad blocking, and a bunch of other nice features. Using Hermit helped me get rid of ads on Instagram, and their algorithm somehow works differently on there as well. I liked the ordering better, it seemed to be more chronological. Only downside: I had to consume it on my phone. It was good, but not great.

Granary.io and Atom to the rescue

Thankfully, people much smarter than me are creating tools for consuming silo'ed social media in different ways. One such tool is Granary.

To be able to get the feed of your friends, and not the feed of your own damn self, you need to find your sessionid cookie value from Instagram. Do the following:

Edit: There's actually a much easier way to do the below, by using https://instagram-atom.appspot.com/ - thanks to Ryan for pointing it out.

• Open the Chrome Browser
• go to instagram.com and login with your account
• after logging in, open the developer console of your browser, and reload the page
• find the "Application" tab and click it
• in the left hand panel there's a "Cookies" item, click the chevron to the left of it to expand it
• click on the line that says https://www.instagram.com
• in the list of cookies like csrftoken, ig_cb, mid, and rur, there should also be a cookie called "sessionid"
• copy the value of sessionid

Next, open Granary.io, and click on the Instagram logo. Granary will load up this url, and then you have to fill out some fields. You need to fill in your Instagram username, select @friends from the dropdown, select "atom" as your format, and paste the cookied ID you gathered above, into the last field where it says sessionid cookie (for @friends) and hit the GET button.

When Granary has done its thing, you'll end up with a link below the form. With the cookie value removed, mine looks like this:

https://granary.io/instagram/l3traset/@friends/@app/?format=atom&cookie=

This link holds your liberated Instagram photo feed. I plugged mine into my Feed Reader and into Aaron Parecki's Aperture and now I can read my Instagram feed on my phone using Indigenous, and on my desktop, all with no ads and no stories. Glorious!

Is anything lost?

Besides losing the ads and stories, you also lose the ability to favourite a post on Instagram, and to add comments to a post. However, I don't necessarily see this as a loss. If I want to Like a post, I can just do it on my own personal feed, and it ends up looking like this. Sure, if it's a post from a friend of mine, they won't know from their post, that I liked it. But you know how you can fix that? Write them an email. If your feed reader lets you email a post, you can email your friend saying you liked their picture.

Not being able to comment might be the biggest loss, but if you can live with that, then I think you should do it, go forth and liberate your Instagram feed.

This will definitely be the way I will consume Instagram until we've all moved over to Pixelfed.

P.S. I'm not sure how long the sessionid cookie lives for, so you might have to reconstruct the link in Granary once in a while, but that should be about it. Also, don't share that sessionid with anyone. I'm pretty sure it can be used to log into Instagram as you.

I've been a LastPass Premium user for a couple of years, and I've really enjoyed it. It's a good product, very user-friendly, and the apps are well-done. I've been wanting to switch to another password manager for a while, due to security concerns. Plenty of compromised cloud companies out there, and LastPass might as well be next.

Over the last few days, lastpass has been down, or running a suboptimal service for many users, including myself, and since my last attempt at renewing my LastPass Premium subscription was declined by my bank for some reason, I figured now was as good a time as any, to make a move to something else. 

I've dabbled a bit with Master Password App, which is a stateless password manager. I really like the idea, but then what do I do with all the logins and secure notes I already have stored in my lastpass vault? I don't see a simple way of storing those in Master Password. My alternative then was down to a stateful password manager, and here's where KeePass comes in. KeePass is an open-source password manager from the 00s. Initially for Windows, but ported to a staggering variety of platforms, most likely including the one you are reading this on. It saves its content in an encrypted database, which you can then stick on a server, and get access to it through as many apps as you like.

Getting your vault out of LastPass

I wanted to export my Lastpass vault, and import it into some form of Keepass port. Here are the steps I followed:

1. Logged into Lastpass on the web, clicked on "More options" and selected "Export"
2. Saving the resulting page doesn't help you at all, so you have to select the content of your now unencrypted lastpass vault, and paste it into a text file (any empty document in an editor will do)
3. Save that text file and give it the extension .csv

Getting your vault into KeePass

The next step was to get my LastPass csv-vault into a KeePass database format. It turned out finding an app that supports direct import of plain csv-files was not so easy (most required XML files), but in the end I managed to find one called KeePassXC which accepts csv-files. Handy. Alternatively, if you can't find one that will import csv-files on your platform, you can use lastpass2keepass.py to convert the .csv-file to XML, which will then hopefully work for you.

Once imported, you will have a kdbx-file, which is the encrypted KeePass database, and somewhere along the process you have to create a password for the database-file. Think of it as your master password from LastPass, the one password that gives you access to your vault. Need help picking a good password?

Putting your file where all your apps can access it

Obviously you can keep the file on your local device, being laptop or phone or wherever you'd like it to be, but the real value from password managers are when they are available to you whenever you need them, which means to stick them somewhere on the internet. The benefit of Keepass is that you can stick it on a bunch of different services. Dropbox and Google Drive seems to be the most commonly used, but if you have one, you can also host the database file on your own server, and access it via sftp. You simply upload the database file to a place on your server, and it's then dependent on the app you use, if it supports sftp.

Mobile and web apps and Chrome browser extension

I'm mainly an Android and ChromeOS user, and for Android there's a number of options. I ended up going with KeePass2Android Password, and that does the job for me. If you need access to the file from a computer that is not your own, you can use KeeWeb, and point that to where your file lives (easiest if you have it on Dropbox or Google Drive).

For Chrome (and thus ChromeOS), there's an extension called CKP - which provides you with readonly KeePass password database integration for Chrome. You simply point it to your file, type in your master password, and you are away. 

#opensource #passwordmanagers #security