Hotel Coffee Making

Fill Tea Bag

Fill Tea Bag

Just put two tablespoons of coffee in the a tea bag, 12ozs. of water in the coffee maker, and brew.

Story

Single Serve Coffee Maker

Single Serve Coffee Maker

I’m travel regularly for work and always try the coffee in provided in the hotel rooms even though it’s always really bad. I finally decided to do something about this and decided to find a convenient way to make quality coffee in my hotel room.

I started by figuring out that most hotels have a single serve coffee maker that takes special pre-packaged bags of coffee. These filter bags measure approximately 2.75 inches by 3.5 inches. A quick search on Amazon.com showed that No.1 Small Tea Bags measure 3.5 by 2.5 inches. In practice it turnes out that the interior width of the tea bag is only about one inch, and therefore too small to fit two tablespoons of coffee in. The Large Tea Bags appear to be the next size up. Their width is just a little over 3 inches and the height is adjustable based on how the bag is folded. These also have a 2.5 inch interior width, so it isn’t too hard to fill them with coffee.

I took two of these bags, each filled with two tablespoons of coffee on my latest trip only to find my room had a full size coffee maker. Since the coffee maker had a flat bottom, I gave it a try anyway, setting the brew strength to the strongest and putting 12ozs. of water through. It turned out to produce a pretty good cup of coffee.

Original Coffee Filter

Original Coffee Filter

Filled Tea Bag

Filled Tea Bag

Coffee Filter Comparison

Coffee Filter Comparison

New Bag in Tray

New Bag in Tray

Browse the Pebble App Store from a Computer

Quick Solution

Go to https://apps.getpebble.com/?access_token=0. Click "Cancel" when prompted "Request failed. Try again?"

Search by going to https://apps.getpebble.com/?access_token=0#/search/watchapps to search the app store.

Explanation

I’m not currently a Pebble Smartwatch owner, but I decided I wanted to start exploring smartwatches and backed the Pebble Time Kickstarter. While I’m waiting for my watch, I decided I wanted to look at the apps that are available. A quick Google search and Pebble Forum Post brought me to a reddit post which indicates that you can access the Pebble App store from a computer, but it requires a Pebble.

Looking at the link in the reddit post: https://apps.getpebble.com/?access_token=[MY_TOKEN]&platform=android∓uid=, I wondered if there was a workaround to the access token.

I tried:

  • https://apps.getpebble.com/ resulted in "Not Found"
  • https://apps.getpebble.com/?access_token=&platform=&uid= resulted in an expanding orange circle
  • https://apps.getpebble.com/?access_token=0&platform=&uid= resulted in a dialog indicating the request failed.
    • Clicking OK, just kept bringing up the same dialog.
    • Clicking Cancel, initially brought up the expanding circle I’d seen previously, but suddenly the app store appeared.

Playing with the URL more, I removed the platform and uid parameters and it still worked. access_token appears to be required, but it can be set to any non-null value.

I found the search link by blindly guessing https://apps.getpebble.com/?access_token=0#/search/ the URL after seeing the format of the category URL (https://apps.getpebble.com/?access_token=0#/categories/5261a8fb3b773043d500000c). The search URL I entered automatically redirects to https://apps.getpebble.com/?access_token=0#/search/watchapps

iOS Captive Portal Problems

Every once in a while, my iPhone 6 running iOS 8.2, refuses to automatically bring up a captive portal authentication page. Bringing up a browser didn’t help, because my phone would automatically route data over the cellular network.

The workaround is as simple as disabling "Auto-Login" for the specified network.

  1. Go to Settings → Wi-Fi → <Network> Info
  2. Disable "Auto-Login"
  3. Open Safari or any other web browser
  4. Go to http://captive.apple.com or other unencrypted page (e.g. http://www.msftncsi.com, http://nist.gov)

If you use LastPass, this also allows you to use the LastPass extension to auto fill captive portal authentication fields.

DreamHost Private Key Format

When renewing my SSL/TLS certificate for my DreamHost shared hosting account, I generated a new 4096-bit RSA Private Key using OpenSSL 1.0.1e. I was surprised and confused when DreamHost reported "Invalid private key". I initially thought it was a problem with the 4096-bit key but found documentation indicating 4096 is a supported option.

I checked the that my key was PEM formatted as expected, and finally realized it was an incompatibility between the "-----BEGIN RSA PRIVATE KEY-----" and the "-----BEGIN PRIVATE KEY-----" variants of the PEM format when I couldn’t create a self-signed cert using OpenSSL 0.9.8za and my brand new key. Once I realized this, it was a simple conversion using the command 

openssl rsa -in private.key -inform PEM -out outfile.key -outform PEM

with OpenSSL 1.0.1. The in/out forms aren’t strictly necessary, but make the command a little clearer to read.

Musings on Password Lengths

I’ve been thinking about password lengths, complexity, and how much strength is really required.

Random Passwords

I use LastPass for all of my passwords an never really calculated how long I need to make my passwords secure assuming they’re fully random. Since AES with a 128-bit key is considered sufficiently secure, I want my passwords to have at least 128-bits of strength. Doing some quick math based on a standard US ASCII Keyboard, the bits in strength in each character classes are as follows:

  • lowercase – 26 ≈ 4.7
  • uppesrcase – 26 ≈ 4.7
  • numbers – 10 ≈ 3.3
  • symbols – 30 ≈ 4.9

I assume that every website will accept alphanumeric passwords, so that gives 62 possibilities. Each character has just short of 6 bits of strength. 128 / 6 ≈ 21.3, so a random 22 character alphanumeric password has more than 128 bits of strength.

If the website accepts all special characters, that 92 possibilities. Each character then has just over 6.5 bits of strength. 128 / 6.5 ≈ 19.7, so a random 20 character password has more than 128 bits of strength.

"Human" Passwords

Human passwords are much more difficult to estimate the strength of. I like to use a variant of the xkcd: Password Strength method of using a combination of words, numbers and symbols. This changes/adds the number of possibilities based on the number of words. The Oxford English Dictionary indicates that there are about 600,000 words in the English language. Assuming that half of these are between 3 and 6 characters, each word between 3 and 6 characters has about 18.2 bits of strength.

If an attacker knew the composition of a password that followed the pattern word, symbol, word, number, word, symbol, word; this password would have 18.2 + 4.9 + 18.2 + 3.3 + 18.2 + 4.9 + 18.2 = 87.7. While a password like this doesn’t quite reach 128 bits of strength; it is reasonably strong, should be easy to remember, and fairly easy to type. Also, an attacker probably wouldn’t know the password composition method, making the actual strength a bit higher. If science and technical terms are included, that will increase the strength per word. Just make sure you pick your words randomly.

Conclusions

The 24+ character random passwords for websites are unnecessary, especially when the password reset functions generally have limited security.

I should add a little more length for my master passwords that are susceptible to an offline attack (e.g. LastPass). Fortunately most passwords like this use PBKDF2 to increase the computing power necessary to perform a brute force attack.