Didn’t I just tell you not to scan untrusted QR codes?
Are you tired of annoying Windows 10/11 feature updates? Do you want to stay on Windows 10 instead of prompting for Windows 11?
LOOK NO FURTHER
grc.com/incontrol.htm
From the brain behind GRC (Gibson Research Corporation), Steve Gibson (twitter: @sggrc), comes a tool just for you. It’s called InControl. It sets a couple of registry keys that keep your computer on the current feature version.
With ONE CLICK to either “Take Control” or “Release Control”, YOU can decide whether your computer gets the next feature update, not Microsoft.
This is a free tool and does not need to be installed. You run the simple exe and BAM!
I have this on my own personal home Asus laptop running Windows 11 22h2, and I actually did a Google search for the release date of Win 11 23h1 because I didn’t know it, since I was still IN CONTROL of my Windows 11 major feature updates. The answer was 2/5/23.
Also, if you didn’t know, Microsoft just announced it will not be releasing any more feature update/semi-annual roll ups for Windows 10. Win 10 22h2 was the last. You will still get monthly updates until Oct 2025 for Windows 10.
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-client-roadmap-update/ba-p/3805227 (posted 4/27/23)
#TLDR – Don’t be afraid of Windows 11. It’s the same as Windows 10 with a few rounded corners and a centered Start menu. Update now, or at least before 10/14/25.
Don’t click on QR codes from untrusted sources.
I created the above post a while ago. I just added appropriate 301 redirects for all my social media. You can go to jasonlamb.me/ [insert social media] to get to my profile on that social media.
Example: jasonlamb.me/facebook goes to facebook.com/jasrasr
Try it with /twitter, /instagram & /youtube.
Pretty much any #jasrasr or @jasrasr account you see should be mine. If you see another that you don’t think is me then let me know.
GOES TO JASONLAMB.ME HOME PAGE
Social media integration has been on my mind lately. Yes, before you get ahead of me, I know you can set up your twitter to post to facebook and your instagram to post to twitter and facebook. But there is already one problem. If I have my instagram post to twitter and facebook and my twitter post to facebook, I end up with two postings on my facebook. I am getting tired of deleting posts. I want to add content easily, not have to worry about duplicates. No one wants to see duplicate status posts!
IFTTT is a great way to set up recipes to interact with several aspects of several channels. A channel can be facebook or twitter or instagram or even this blog. For example, I can create a recipe that says if I post something to this blog then post it to facebook.
…unfinished…
removed
Other Jason Lambs in the world…
In the past, I have searched Google for any Jason Lamb and collected a list. I did have an intention of posting that list but never did.
Years ago, I changed all my usernames/handles/links to jasrasr so you can find me on almost any platform with that user name. #jasrasr
Dr. Jason Lamb
As I find more, I will add them to this list...
I just wanted to update with the first post of the year. It is rare that one can do something first. It is also possible that I am typing this at 5:19pm on 1/3/23 and have the ability to pre-date my postings…I guess you will never know?
I am also a fan of scrabble and this picture looks like scrabble tiles.
So I am constantly learning. 40% of the internet is using the WordPress platform. I am no different. I started building my own websites with pure HTML/CSS/JS and loved it. It was a lot of work. WordPress started on 5/27/03 and my first website spun up in December 2004. I didn’t know about WordPress (WP) until years later. I kept my own website but then started dabbling with it and other CMS platforms.
Because it is so widely used, it grabs the attention of the hackers of the world. Just like Windows and Chrome. If you have the market majority then you are the platform that people go after.
Over the years my sites have been routinely compromised or subjected to attempts. I have had to recover much data from backups.
Recently I learned about a username sniffing technique that is used on WordPress to discover usernames so that a brute force attack can be used to gain access to the site backend. I created a lovely redirect to this page from those pesky username sniffs just for fun.
If you type in https://jasrasr.com/?author=1 then you get redirected to https://jasrasr.com/stop-sniffing-me
You could enter any number after the ‘=’ sign. https://jasrasr.com/?author=123 would also redirect to the same: https://jasrasr.com/stop-sniffing-me
That page then links to this page to explain why I did what I did, and now I am laughing at the whole thing. I could’ve installed a plugin to block the username sniffs but I like this approach better.
I just tested and created a new test user, which technically makes author=2 valid. If this exists then you can see the archives and blog posts/pages that were authored by that username. More importantly, you can see the username in the URL and on the page.
In this example from icwnow.net you can see the username ‘kbjjsywyvf’ and the ‘test’ post that was created. A hacker can take this info and attempt commonly used passwords to gain access to the site.
This page will be updated. I am not done, but it is bed time…
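An added example, not part of the original post or the site's own code: a small Python check that scans web-server access logs for the `?author=N` username sniffing described above and flags clients that probe several author IDs. The log lines are constructed samples in Combined Log Format, and the function names and the `min_ids` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def author_probe(target):
    """Return the numeric author ID if the request is a ?author=N probe, else None."""
    values = parse_qs(urlsplit(target).query).get("author", [])
    if values and re.fullmatch(r"[0-9]+", values[0]):
        return int(values[0])
    return None

def find_enumerators(lines, min_ids=3):
    """Map client IP -> sorted author IDs probed, for IPs probing >= min_ids distinct IDs."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, _status = m.groups()
        author_id = author_probe(target)
        if author_id is not None:
            seen[ip].add(author_id)
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= min_ids}

# Constructed sample log lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jan/2023:17:19:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "scanner"
203.0.113.7 - - [03/Jan/2023:17:19:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "scanner"
203.0.113.7 - - [03/Jan/2023:17:19:02 +0000] "GET /?author=3 HTTP/1.1" 301 0 "-" "scanner"
198.51.100.4 - - [03/Jan/2023:17:20:10 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.4 - - [03/Jan/2023:17:20:15 +0000] "GET /?s=author=9 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [03/Jan/2023:17:21:00 +0000] "GET /blog/?p=12&author=abc HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, ids in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip} probed author IDs {ids}")
```

A single `?author=1` hit can be a curious visitor; a run of distinct IDs from one address is the sniffing pattern, which is why the check counts distinct IDs per client rather than raw hits.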
It’s not as hard as you may think.
-She
There is a major difference between an easy to remember password and one that is secure…or is there? Can’t you have both? Shouldn’t you have both?
There is a thought that adding spaces to your password to make a pass phrase is more secure because it enables you to have longer passwords that can be easier to remember. The true test of security is length and amount of randomness. Since we truly can’t be actually random, we need to include all types of characters allowed for a password. I am going to use password to encompass pass phrases as well because whether a password has spaces or not it doesn’t change what it is. A space in a password is still just a symbol character, so it’s just a password with spaces. I would argue you should have another symbol(s) besides spaces.
I wrote a previous post about passwords and security here, titled Secure Password is Not Secure. In this posting I highly suggested you use a password manager like LastPass and a Password Generator (LastPass offers this for free). The password generator is easy to get to if you are in Chrome or any browser with the LastPass extension installed by hitting ALT + G on your keyboard. You can also check your keyboard shortcut settings in the extension manager. chrome-extension://hdokiejnpimakedhajhdlcegeplioahd/tabDialog.html?dialog=preferences&cmd=open. This link might not work, and you may have to right click your LastPass extension and click on Options.
So if you don’t like LastPass or think they are evil then BitWarden is another company that offers all the same features.
Whatever you do, DO NOT use the same password on two different websites. I can’t stress this enough. Once you have a compromised password on one site, it is VERY likely the hacker will use automated tools very quickly to attempt that same password on many other sites.
You may not have anything to hide or want to keep super secure, but I bet you don’t want to be locked out of your email, Facebook, Instagram, etc. accounts?
A very simple way to come up with a more secure and more complex password would be a “pass phrase” as discussed above. You can make it as random as you like.
EXAMPLE 1: The 3 brown dogs ran FAST!
EXAMPLE 2: 1Jason is a really big NERD!
The above examples both have 163 bits of entropy which is the amount of randomness including all the characters. (5 uppercase, 14-16 lowercase, 1 number, 6 symbols)
If you go to howsecureismypassword.net then you see this, 2 decillion years to crack this password.
If you want to know how many possibilities there are for a password, then you take the total number of character types to the power of the total number of digits.
total password possibilities = possible characters ^ number of digits
Example: A bank card PIN has 10k possibilities because 0,1,2,3,4,5,6,7,8,9 is 10 possible character types ^ 4 digits (generally) so 10^4=10,000
This password The 3 brown dogs ran FAST! has:
1,515,502,518,418,473,418,851,336,545,154,803,393,228,349,015,457,449
possibilities if you use all possible characters on my keyboard.
~!@#$%^&*()_+`1234567890-=qwertyuiop[]\asdfghjkl;'zxcvbnm,./QWERTYUIOP{}ASDFGHJKL:"ZXCVBNM<>?
If a computer can attempt 10,000 passwords every second then, per my calculation, it would take 2.40116884430133E+39 or 2,401,168,844,301,330,000,000,000,000,000,000,000,000 or 2.4 duodecillion years. I am even dividing the probability in half because generally it takes half as many guesses as possibilities, when referring to statistics. I don’t know how the website above is calculating its 2 decillion years. I would have to know how many characters they are including and how many iterations per second. I am figuring 10k/second…
The iPhone and iOS now offer a great feature to suggest random passwords and even allows you to store them.
Go to this website and make sure you don’t use any of these passwords. This list represents the top 10k most commonly used passwords gathered from a list of 10 million passwords.
https://en.wikipedia.org/wiki/Wikipedia:10,000_most_common_passwords
This blog is not sponsored by any of the websites mentioned above. I have personally paid for LastPass since 2010 and have thousands of passwords in my vault. For 99% of those passwords, I don’t even know them. I only know my master password. I don’t have to remember any of them. With the Chrome/Firefox/Edge browser extensions and the app on my iPhone I have very easy access to all my passwords. I also store other important information in my vault like credit card numbers, banking info, tax info, Wi-Fi information.
As stated above, I do not know any of my main passwords for any of my accounts. I generally use a password that looks like this: JwC@RHsefyG$H*&xw96#zRg3fXjY$Y (automatically generated from LastPass which is free $0.00)
Have a safe and secure day and make better password decisions.
If you like this or agree, then leave a comment and let me know. If you don’t like this or think I am wrong, then leave a comment and let me know.
~ Thank you Jeremy for proofreading this. ~
But he may like this…?