Why sharing passwords is a Very Bad Idea

I think the following policy should apply to company user accounts (not personal ones like Facebook or Google accounts, but accounts at workplaces). The bigger the workplace, the more important these are:

  1. Access should be given to named individuals only.
  2. Account names should be based on individuals’ names.
  3. Credentials should not be shared.

Continue reading

A clean Firefox profile every time

Sometimes, you need a fresh Firefox. One that is exactly as if you had just installed it. Nothing cached, no cookies, clean. Or perhaps you use different Firefox profiles, for different purposes, and don’t want to have to install all your favourite extensions and configuration changes every time you create a new profile. This post describes one way to achieve both those things. While this post tells how to do it in Linux, you could certainly adapt the methods for Windows or whatever. All you need is Firefox, a way to start it, and a scripting language.

Continue reading

Using Firefox profiles in Ubuntu Unity

As described in another post, I use Firefox profiles to keep various activities separate – different banks, different AWS accounts and so on. It’s easy enough to use them from the command line, but it is much nicer to just click on an icon and have the right profile start up. Here is how to do that for one window manager, Ubuntu’s Unity.

Continue reading

Using Firefox profiles

Out of the box, all your Firefox windows share resources between them. Even with so-called “private browsing” enabled, a lot of what you do is shared between your Firefox tabs and windows. I often want to be logged into Amazon AWS in several different accounts at once, but even if I do that in different tabs or even in different windows of the same browser profile, I can only use one account at a time. All the windows and tabs magically track the most recent login. The answer is to use more than one profile.

Continue reading

Response to a bad article on My Health Record

Dr Stephen Duckett of the Grattan Institute wrote a particularly poor piece on the My Health Record system. His article is available here:


This post is my response, lightly edited with some footnotes added.

Continue reading

Accessing network shares from Thunderbird

Thunderbird in Linux, for some reason, still does not understand GIO filesystems. If you have a network location connected in your file manager (such as Nautilus) you can browse around, copy files and so on – but Thunderbird cannot see those locations. In particular, it can’t attach files out of those locations, not can it save attachments to those locations. Luckily, gvfs provides a workaround.

Continue reading

AWS MFA QR Code tool

As someone with administrator responsibilities on several AWS accounts, I have MFA (multi-factor authentication) enabled for lots of AWS identities – IAM users and root users. I use a virtual MFA device – i.e., a mobile phone running Google Authenticator. The QR codes that AWS displays when activating MFA have some irritating properties…

Continue reading

A better, safer admin user for AWS

If you use AWS, you probably have a root user and one or more administrator users. If you are following best practice you have secured all logins with MFA, and you rarely if ever use the root user. Instead, you log in as one of the administrator users. The problem with that is that as long as you are logged in, you can do anything – including make disastrous mistakes. Wouldn’t it be nice to have all the power of an administrator at your fingertips, but only when you actually need it?

Continue reading