State Farm Security Fail

On State Farm’s security page, they say “The Security of Your Personal Information is a Priority at State Farm” and “We work hard to make sure your account information stays secure. Learn more about how to protect yourself and how State Farm protects you.”

That’s all well and good to say, but the reality is not so simple.

State Farm supports 2FA on your account, which is good-ish. They don’t support Google Authenticator, or Duo. They do support SMS messages and email, in a way in which enabling 2FA enables both and you can’t disable SMS in the settings. This is not so good, as current industry advice is to avoid SMS as 2FA due to SIM swapping attacks and SS7 hacks.

But then it gets worse. The devil is in the details, or in this case the following sentences: “Use a verification code or answer public based questions every time I log in.” “Selecting Two-Factor Authentication means you’ll receive a unique verification code by email or text or you will answer a series of public based questions each time you log in.” This is where things get really scary. Verification by ‘public based questions’ is an absolute favorite for identity thieves. They can sit at their computer with a copy of your credit report and answer these with a high degree of success.

I tried complaining about lapse in security practice to State Farm, and they seem to have fully drunk the LexisNexis kool-aid on this. They stand by their use of a vulnerable verification tool that puts my accounts at risk.

Time to find a new insurance provider.

Installing MacPorts on MacOS 10.15 Catalina

Update: I always appreciate the traffic, but the folks at MacPorts have their official installer for Catalina available now. You should use it:
https://www.macports.org/install.php

Updated on 2019/10/09 to work with the public release of Catalina.

Another year, another round of “Oh, shit! My software doesn’t run on the latest version of MacOS!” While MacOS steadily marches towards being a consumer friendly OS that alienates the hardcore users, we continue to try to beat back the tide with tools like MacPorts. I’ll be curious to see how things go with future versions of MacOS, now that there are reports that upgrading to Catalina will wipe out a users /opt/ folder.

Below you will find my steps for getting MacPorts compiled by hand on MacOS 10.15 Catalina. I am working on a clean install of Catalina and Xcode 11. If you are trying an upgrade, or using a different version, your experience may be different. If you run into problems post a comment and I’ll do what I can to help out.

And so, without further ado…

  1. Install MacOS Catalina
  2. Install XCode 11
  3. Launch XCode
    1. Agree to the license agreement.
    2. Enter your password when the authentication dialog box opens.
    3. Wait for it to finish installing components.
    4. Quit XCode
  4. Open a terminal window.
    (CMD-Space terminal <return>)
  5. sudo xcode-select --install
    (enter your user password)
  6. When the pop-up opens asking for permission to install the command line tools, click “Install”.
  7. Agree to the license agreement, despite what it says will happen to your first-born.
  8. Back to your terminal window, inscribe these arcane incantations:
  9. sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
  10. sudo xcodebuild -license
    (Space through the document, and then type ‘agree'<return> – The ghost of Steve Jobs will not start haunting you until at least New Years.)
  11. cd ~/Desktop
    (A window will pop up asking for access to your desktop folder. Grant it, lest the imps be released.)
  12. curl -O https://distfiles.macports.org/MacPorts/MacPorts-2.6.1.tar.gz
  13. tar -xzvf MacPorts-2.6.1.tar.gz
  14. cd MacPorts-2.6.1
  15. ./configure
  16. make
  17. sudo make install
    (Enter your user password if prompted. You may not be prompted if you get through the above steps quickly.)
  18. echo "export PATH=/opt/local/bin:\$PATH" >> ~/.zshrc
  19. source ~/.zshrc
  20. sudo port -v selfupdate
    (Enter your user password if prompted. You may not be prompted if you get through the above steps quickly.)

At this point you are pretty much ready to start installing ports. I say pretty much, because there are two ‘optional dependencies’ that will make your life easier:

  1. Install Java from https://www.java.com/en/download/mac_download.jsp
  2. Install XQuartz X11 from https://www.xquartz.org/

OK, now you are really, really ready to install ports. 🙂

Take your fresh Catalina install out for a spin and let us know how it goes!

If this worked for you, could I ask a favor? Share a link to this article somewhere you think people would find it useful. Thanks!

Preserving Thermal Receipts

I am not a fan of thermal receipts, but they’ve taken over the word and now we have to deal withe them. Not even addressing all of the health an environmental problems with thermal receipts, my biggest issue is that they fade. Even if you are careful to put your important receipts into a folder or file, I’m sure you’ve had at least one time you needed a receipt for taxes or a warranty claim and when you went to dig it out you found a collection of unreadable pieces of paper. I have two suggestions for addressing this first world problem:

  1. If you have a camera enabled phone, take a picture of the receipt as soon as it is in your hand, and file it in a folder called Receipts. A digital copy will last forever, if you maintain decent backups.
  2. Before you file the physical receipt away, ‘laminate’ it with packing tape. I recommend 3M Heavy Duty Shipping Tape for its strength and durability. You still need to store your preserved receipt someplace cool and dark, but this will slow down the eventual oxidation of your receipt. DO NOT use a heat laminating machine, as that will turn your receipt black.