Welcome to Steve Gibson's Blog

[Steve]

To receive notifications of future blog updates, move up one level by clicking this link, then click the Watch/Unwatch button above/right.

Technically, I've been maintaining a blog for many years. But the term “maintenance” suggests being a far more active blogger than I've ever been. I've always had a WordPress blog, but there was so much overlap with what these forums can do, that it made no sense to have both. So I've moved my “Blog” here, where it belongs.

As you may have already noticed, the “Blog” concept has gradually broadened to include additional features, such as the “Work & Progress Tracking” thread, and likely other things in the future. So it's really going to more like “Steve's Hangout.” We'll see how it develops. And to that end, I'll endeavor to periodically post updates for all who care about what's going on, what I'm up to, what's next, and what plans I have.

And, as the note above reminds: You can control future eMail notifications using the Watch/Unwatch button above.

 

[cem]

Great new site Steve, thanks!
For an alternative to "watching", for people that like RSS, you can use https://forums.grc.com/forums/blog/index.rss to just watch the blog portion of the site (the rss button at the bottom is for everything.

 

[PHolder]

for people that like RSS

Yes, in fact you can use that trick for any section of the system. Basically edit the URL to add a index.rss at the end and see if you get offered a download. If it works, you've just generated your very own RSS feed for that URL.

For example: https://forums.grc.com/forums/the-lounge/index.rss for the "off topic" area.

 

[iSecurityGuru]

Looking forward to your blog, Steve. I’ve subscribed to it via RSS.

I‘ve played around with Steve’s SQRL app for Windows to see how it works. But I have yet to integrate SQRL into my life. I would love to use SQRL on this blog, if the SQRL app platform of my choice is ready.

 

[Barry Wallis]

Looking forward to your blog, Steve. I’ve subscribed to it via RSS.

I‘ve played around with Steve’s SQRL app for Windows to see how it works. But I have yet to integrate SQRL into my life. I would love to use SQRL on this blog, if the SQRL app platform of my choice is ready.

It definitely works fine on Windows. What is the platform of you r choice?

 

[iSecurityGuru]

It definitely works fine on Windows. What is the platform of you r choice?

I agree that Steve’s SQRL app works great in Windows 10.

But thanks to Microsoft losing control on their QA process, I’ve decided to stop using Windows 10 and switch to macOS instead. I’m looking forward to Apple releasing their Apple Silicon Mac before the end of the year.

I use iPadOS/iOS.

I don’t use Android, Chrome. I use Firefox on my Mac, but it is not my main browser.

 

[iSecurityGuru]

I‘m thinking, maybe there needs to be a way to fund development of SQRL apps using crowdfunding. I’ve talked to a business associates who is in the app business about SQRL. Unfortunately, it is very hard to make a business case to develop SQRL apps.

Developing good quality apps requires a hefty commitment of time and effort. Ideally, the app developers for SQRL are paid for their time to focus solely on developing the best quality SQRL apps.

Maybe crowd-funding is the answer?

 

[PHolder]

maybe there needs to be a way to fund development of SQRL apps

Okay, we have SQRL forums for a reason, and that reason is not to pollute these forums with SQRL related posts. Please take this discussion to the SQRL forums at https://sqrl.grc.com/

Also Terence, could I please request you reconsider the length of your signature, to try and keep the signal to noise ratio down. I think you could probably manage with, say, three lines total, one of which would be a link. Surely all those other interesting ways to reach you are all listed on just one "about you" page somewhere.

 

[AlanD]

I use iPadOS/iOS.

There is an iOS version in Testflight. If you look in the SQRL forum there should be a link to Jeff Arthur who wrote it.

https://sqrl.grc.com/forums/jeff-arthurs-ios-app.10/

 

[Sushi]

Is it just me, or is the iOS link on this SQRL page dead?

https://sqrl.grc.com/pages/getting_started_with_sqrl/

 

[AlanD]

It works for me, although you have to sign up for TestFlight and then apply for an invitation. It is not yet available in the Apple Store.

 

[PHolder]

iOS link

Unfortunately the iOS app isn't quite in the state as other apps. Last I knew, @Jeff Arthur uses his signature on the SRQL site to keep people up to date on where things are. Because of Apple's control, you need to have pre-release apps in a "special" state where you get an invite, in essence.

 

[DesignatedJ02]

The forum looks great so far! I am excited to keep up with your work and interact with the community!

 

[Todd]

Love the nice shiny new forums you got here Steve!

Suggestion: I'm one of those people who care about security but not so much that I spend many hours each week reviewing the latest trends, issues, hacks, etc... Rather, I look to people I trust and who are much smarter than I to get a handle on the latest security issues/news.

It would be awesome if you could keep an up-to-date list of security related software you use that people like me could reference.

I have been using LastPass ever since you reviewed it a while back but in recent times I have been concerned about it's stakeholders and the changing of the guard. Do you still use it? If not, what do you use? These are the kinds of questions that could be answered by a 'living' document that you keep updated and your followers could use as a reference.

Thanks for all you do!

 

[Steve]

Todd...
Time has shown that I'm no good at maintaining living documents. I'm FAR better at storing dead documents. Just look at my site! But, seriously... What you're suggesting is a thankless effort. And it's not that I need thanks... it's that I always have new and more interesting things to do. And they capture my attention completely. If I can figure out how to maintain living documents after I'm dead, then you've got yourself a deal!

 

[Todd]

LOL! Ok, fair enough. Maybe you and Leo can discuss the state of password managers in an upcoming Security Now episode.

And it would not be a thankless endeavor! I got 5 bucks I can Paypal you right now!!

 

[PHolder]

@Steve, it's not death, just an interrupt handler that prevents a RTI.

 

[oldpeculier]

I have been using LastPass ever since you reviewed it a while back but in recent times I have been concerned about it's stakeholders and the changing of the guard. Do you still use it? If not, what do you use? These are the kinds of questions that could be answered by a 'living' document that you keep updated and your followers could use as a reference.

Hi Todd

Like you, I have been a long time user of LastPass but for the same reasons, decided to move elsewhere about 2 years ago.
I decided on Bitwarden, an open source password manager with desktop, web browser & mobile versions.
Bitwarden has a clean interface and is simple and easy to navigate. It has a free forever version for up to 2 users or premium versions for teams & enterprise.
I have been really pleased with the switch to Bitwarden.

Bitwarden is committed to regular cadence of security audits of their source code & platforms, the latest one completing in July 2020.

There are plenty of very positive reviews on password manager review sites. Worth checking out Bitwarden's website for more details.

 

[propolis]

Like you, I have been a long time user of LastPass but for the same reasons, decided to move elsewhere about 2 years ago.
I decided on Bitwarden, an open source password manager with desktop, web browser & mobile versions.

I switched to Bitwarden about a year ago and then discovered and switched to Strongbox (https://strongboxsafe.com/personal/). It is macOS and iOS only so won't find favour with Steve or Leo but it is built on the KeePass database, is open source and is firmly TNO as by default the database is not stored in a public cloud. Personally I do store it in an iCloud folder so that I can sync passwords between my Mac and iPhone and but then I'm ok with that. But if you don't trust Apple's cloud then you could use Syncthing for decentralised syncing - another of Steve's favourites.

 

[Happenstrance]

Okay, we have SQRL forums for a reason, and that reason is not to pollute these forums with SQRL related posts. Please take this discussion to the SQRL forums at https://sqrl.grc.com/

I have to say I was confused why the SQRL forums are completely separate from these, requiring me to register here (which felt like re-registering) instead of existing as a subforum category. It just seems a duplication of effort.