Tiramisu

Sounds fancy, but it’s an icebox cake. Raw eggs are in there, so if that’s a dealbreaker, best skip this one.

500 g / 16 oz. Mascarpone cheese
157 g / 3/4 c sugar
2 eggs, separated (I use XL; if you use smaller eggs, you might need 3)
250 mL / 1 cup strong, cold coffee
3 T Marsala wine, DiSaronno almond liqueur, Frangelico hazelnut liqueur, whatever sweet booze you enjoy
1 large package ladyfinger cookies (min. 24 pieces)
grated chocolate or cocoa powder

  1. In a large mixing bowl, combine Mascarpone, sugar and egg yolks. Mix until well combined.

  2. Whip the separated egg whites until stiff peaks form. Fold whites into cheese until mixture becomes smooth and light – don’t overmix!

  3. Have a deep 9×13 ready! Pour coffee and liqueur into large shallow bowl or deep plate. Dip (but don’t soak) unsugared half of cookie into coffee mixture and place wet side down on bottom of 9×13. Repeat until dipped cookies cover the bottom of your pan, breaking up cookies as needed. Spread a thick layer of your cream mixture over the cookie layer. Dip and place another layer of cookies over the cream, then top with more cream. Keep going if you have enough cookies and cream left, just make sure you end with cream.

  4. Sprinkle grated chocolate or dust cocoa over the top. Refrigerate for at least 6 hours before serving.

A Recommendation for Password Managers

The Intro

You have separate keys for your house, your desk at work, your safe, your car, your bike lock…right?

Why?

Clearly, it’s so that when you hand over your car keys to your mechanic for an oil change, you are reasonably assured you won’t find him, or someone who tricked him, at home in your den perusing your tax returns.

But so many people are effectively doing just that by reusing one or just a few passwords over and over again every time they are prompted to create a username and password.

Doing it wrong

Maybe you’ve learned from others’ mistakes, and you’ve stopped repeating your passwords so egregiously. But you can’t keep track of them all in your head! So you have a file (on your computer, or even a piece of paper in a safe place) with your passwords in it. You have a feeling that’s not ideal and want to use something “more secure” or otherwise “better” for storing your passwords. Good for you!

That’s almost OK

A file containing your passwords (or other sensitive data) is basically what I recommend to you, but with a layer of encryption on top of it.

The old-school approach is to use a program to apply encryption to this password-containing file — or any other sensitive file. That can be rather fiddly. It requires a lot more discipline than most users are willing to demonstrate; if you make a mistake on any of the five steps below, your stuff could be lost or exposed to nefarious types.

  1. put all your username/password combinations into a file
  2. secure it with encryption for storage when it’s not in active use
  3. decrypt it when it’s time to read or update the file
  4. encrypt it again after saving (if there were any changes)
  5. (securely?) delete the decrypted version of the file

How about something more user-friendly?

Enter password management applications: they handle the last four of those five steps above for you every time, and all you have to do is remember one master password to start the password manager program.

I have been using Password Safe for many years, since my employer recommended it for use on their computers. It works on Windows and there are clones of it for the Mac and Linux operating systems. It’s free software on Windows and costs a little on Macs and iPhones. It’s not very usable on Linux, unfortunately, but that doesn’t bother most people (just me, I guess). The original version was written by Bruce Schneier, an industry expert on cryptography.

Link to Password Safe for Windows:
https://www.pwsafe.org/

App Store link to the Mac version of it:
https://itunes.apple.com/de/app/pwsafe-password-safe-compatible-password-manager/id520993579?l=en&mt=12

iOS App Store link to the iOS version of it:
https://itunes.apple.com/de/app/pwsafe-2-password-safe/id938922963?l=en&mt=8

If you only had one computing device and you always had it with you, you could stop reading here and be pretty well covered. But that’s not realistic for most of us anymore: with smartphones, tablets, and computers, and some or all of those devices duplicated between home and business use, you cannot expect to maintain your list of passwords in triplicate or beyond.

Multi-device support

The iOS version of Password Safe, pwSafe, includes a Dropbox synchronization feature, which is nice. It means you can change or add a new entry for a password on your Windows computer, and your iPhone and Mac computer will get the updates synchronized automatically. This works because changing a record in Password Safe means changing your file, and Dropbox is in the business of replicating updated files among the computers you own. And it requires two additional things:

  1. a Dropbox account (don’t have one? Use my referral link to get one and they’ll give me a little extra storage space for referring you), which is free.

  2. a Dropbox program installation on your Mac or Windows computers to receive the updates to your Password Safe (Windows) / pwSafe (Mac) files.

Those programs all work quite well for me, and have done so for many years. I am transitioning, however, to another program called KeePassXC, which does the same thing, but with better Linux support in addition to Windows and Mac computers. It is also free, versus the payware pwSafe programs on Mac and iOS.

KeePassXC’s homepage is here: https://keepassxc.org/

The iOS app I use to view/manage my KeePassXC file is called KeePassTouch, and here is its App Store page:
https://itunes.apple.com/de/app/keepass-touch/id966759076?l=en&mt=8

It also offers synchronization via Dropbox.

Other password managers, which I don’t recommend:

  • LastPass — recent security hole problems.
  • 1Password — recently switched to a monthly subscription model. They want to get paid, natch.
  • Passwords kept in your browser — browsers come and go; Firefox, Chrome, Safari, Vivaldi, Brave, even the dreaded Microsoft Internet Explorer and its suck-cessor, Edge. Your passwords should not depend on any browser, or any one computer. Besides, the risk of someone sitting down at your computer and gaining access to your stuff is higher than you think, unless you lock your screen religiously.

Password generation

All password-managing programs I have ever seen are able to generate passwords for you upon demand, but I rarely use them. They often look like this:

2^u$Y;grtWDF>nCE
d>?a^?A%m)Q^8.!f
U=Ps!^+Ke/!L4TbC

… which is pretty good for

  • satisfying those arcane requirements from your employer or bank or whatever about at least one capital letter, lower-case letter, number, and typographical mark
  • making sure you’ll never remember it, and therefore
  • eliminating the temptation to re-use your password on more than one site (and we all know how one should never EVER do that, right?), and
  • preventing anyone (even you!) from reading it off of one device’s screen and typing it into another. Imagine you’re reading one of those strings of characters into a crappy mobile phone connection with a sense of urgency — it could get very frustrating quickly.

Instead, inspired by “correct horse battery staple” I wrote a password-generating website that I use. It has what I consider an acceptable compromise between entropy and readability in that large chunks of the generated passwords are human-readable words punctuated by numbers and, well, punctuation. https://ssl.cliff1976.net/pw2 is the site if you’d like to use it. It’s also just kind of fun to see what random combinations of words come out of that thing.

Assembling the pieces

When I need a new password, I

  1. go to my password-generating site,
  2. generate one and save it into my password app, and
  3. let that new entry replicate onto all my devices.

Some password generators offer more reader-friendly passwords, but these give up randomness in exchange for human readability, and the overall result is much longer than a purely random string generated from the set of all possible characters. Those longer results from the generator (still!) don’t fit into many websites, which still expect you to cap your passwords at 16 or 20 characters in length.
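To put numbers on the entropy-versus-readability compromise and the length problem described above, here is an added example (not the code behind the author's site, and not from the original post). It assumes a scheme of random words joined by one digit plus one punctuation mark; the word list, separator set and function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list (assumption, for illustration); a real
# generator needs thousands of words to get useful entropy per word.
WORDS = ["correct", "horse", "battery", "staple", "gratin", "coffee",
         "ladder", "violet", "harbor", "pencil", "walnut", "summit",
         "copper", "meadow", "tunnel", "breeze"]
SEPARATORS = "!#$%&*+-=?@"  # 11 punctuation marks placed between words
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94


def random_string(length=16):
    """Uniformly random password over all 94 printable ASCII symbols."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def random_string_bits(length=16):
    return length * math.log2(len(PRINTABLE))


def word_password(n_words=4, words=WORDS):
    """Random words joined by one random digit plus one punctuation mark."""
    parts = [secrets.choice(words)]
    for _ in range(n_words - 1):
        parts.append(secrets.choice(string.digits) + secrets.choice(SEPARATORS))
        parts.append(secrets.choice(words))
    return "".join(parts)


def word_password_bits(n_words=4, wordlist_size=len(WORDS)):
    """Entropy assuming the attacker knows the scheme and the word list."""
    joiner_bits = math.log2(10 * len(SEPARATORS))
    return n_words * math.log2(wordlist_size) + (n_words - 1) * joiner_bits


def words_needed(target_bits, wordlist_size):
    """Smallest word count whose entropy reaches target_bits."""
    n = 1
    while word_password_bits(n, wordlist_size) < target_bits:
        n += 1
    return n


if __name__ == "__main__":
    print(random_string(), f"{random_string_bits():.1f} bits")
    pw = word_password()
    print(pw, f"{word_password_bits():.1f} bits, {len(pw)} chars")
    print("words to match, 7776-word list:", words_needed(random_string_bits(), 7776))
```

Even with an assumed 7776-word list, this scheme needs six words to match a 16-character random string, which is far past a 16- or 20-character cap.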

Conclusion

If you aren’t aware that reusing your passwords among services is a bad idea, this post isn’t going to help you. But I hope to have shown that it’s quite feasible to mitigate the risk by never reusing passwords, whether you’re using one device or many, on the go or at home.

Post-Script: Extra Geekery

GPG

If you are feeling game for it, give GPG a go. It is an old standby in the realm of public key cryptography.[1] It’s got some powerful features on the command-line, for those who like to tap away at the keyboard and script stuff. There are some pretty nice, modern, user-friendly applications built on top of it for Macs (http://GPGTools.org) or for anyone using Thunderbird Email (via the Enigmail plugin). Not only will you be able to securely save stuff for yourself, but you’ll be able to encrypt stuff for others, as well.

ProtonMail

GPG isn’t the only (or even most) secure way of sending stuff to other parties. Consider ProtonMail. From ProtonMail user to ProtonMail user, it’s very secure, in that no metadata (sender, recipients, subject line) leaks out in transit. But there is a convenient secure option you can use to send messages (including file attachments) to a non-ProtonMail-using contact person, provided you have agreed upon a shared password with that person in advance. Example: I want to send a secret contract document via my ProtonMail email address to the non-ProtonMail user MaxMustermann@gmail.com. I can check a box in the ProtonMail composing screen and set a password on my message. I then communicate that password to Max out-of-band (like calling him on the phone or sending it via instant messenger[2]), and then Max has to enter that password before he gets access to that message containing my secret contract document.

Watch a TED Talk about it here if you like.

  1. Try Wikipedia’s explanation of it, if the term is unclear.
  2. Try Threema or Signal — I’ve written about them before.

¡Puerto Vallarta otra vez!

We returned to Puerto Vallarta again in January 2018 for a break from winter.[1] It was glorious, like usual.

Corraled in Houston

Except for the getting there, which (predictably) was nicht so toll.  But we didn’t let that wreck the mood. Our buddy from Boston and several-time visitor to Ye Olde Parental Condo flew in shortly after we did and the Good Times™ began to roll.

  1. Actually winter hadn’t been all that wintry by that point, but those last couple weeks of February — hoo boy; that was winter like we don’t often see ’round these parts.

Morbiflette (French Mountain Potato Gratin)

A couple of years ago, on a trip to France, we ended up poking around a Christmas market in Dijon. It was lunchtime and we were staring at a giant skillet (a poêle, linguistically related to paella) with potatoes and onions and bacon and cheese, all being stirred by strapping French country men. It was love at first sight. Chunks of Morbier cheese with its signature dark vein running through the center were on display, being tossed in as the cooks saw fit. We got a portion and split it. That was dumb; should’ve each gotten our own. After cross referencing multiple recipes, we FINALLY hit on a good reproduction.

The method is based on that of tartiflette, a potato dish developed in the 80s to promote Reblochon cheese. Reblochon is a much softer, brie-like cheese, as opposed to Morbier, which you can slice. The firmer texture of Morbier is why I’ve upped the crème fraîche; runnier Reblochon made for a creamier finished product.

A note: you guys, it is SO EASY to mess up a gratin. Believe it or not, a pile of cheese and starch will be sad and bland if you don’t do the detail work. Think “eh, I don’t need to boil the potatoes, they’re going in the oven,” or “ew, I don’t want to cook the onions in bacon grease! I’ll use olive oil instead,” and you will ruin all your hard work. The potatoes need to be boiled in salted water or they’ll be gummy and bland. The onions need the bacon grease because of the smoky saltiness it imparts. The salt levels need to be checked and adjusted throughout the process to keep the flavors balanced. If you’re worried about this not being healthy, make something else. Cutting corners on this dish will render it inedible. A salad with a tart vinaigrette is the perfect accompaniment.

1 kg or 2.2 lbs large waxy potatoes, peeled and cut into halves or thirds
2/3 t salt
200 g or 1/2 lb bacon
2 large onions, sliced into ribbons
2 cloves garlic, roughly chopped
100 mL or 1/2 c white wine (we forgot this, so we drank it with)
1/2 t dried thyme
75 g or 1/3 c crème fraîche
3 T heavy cream (forgot this too, but the texture would benefit)
300 g or 2/3 lb Morbier cheese, rind trimmed and sliced thickly (1/2 cm or 1/4 in)

In a large pot, cover the potatoes with cold water. Bring to a boil over high heat, add salt, stir and lower heat to a steady simmer. Cook potatoes for 15-20 minutes, or until easily pierced with a sharp knife. Drain potatoes and set aside to cool. Do not rinse potatoes!

Heat a large skillet to medium high and cook the bacon until browned and crispy. Set on paper-towel lined plate to cool. Turn heat down to medium and add onions to the skillet to cook in the bacon drippings (if there are a lot of drippings, remove all but 2 T and set aside to add in case pan starts to look dry). Cook until softened and starting to caramelize, stirring only occasionally. Add a pinch or two of salt if needed (onions shouldn’t taste salty, just very oniony) and chopped garlic for last 2-3 minutes of cooking. Remove onions to deep bowl.

Preheat oven to 220° C or 425° F. Lightly but thoroughly butter a medium to medium-large baking dish (several individual deep crocks would also be great for a crowd). Chop cooled bacon into bits and add to onions. Add thyme, crème fraîche and cream to onion mixture and stir until well distributed. Slice cooled potatoes into generous 1/2 cm or 1/4 in pieces.

Assembly
Layer half of potatoes on bottom of buttered dish, using broken bits to fill in gaps. Top with half of onion mixture, spread evenly. Top onions with half of Morbier slices (try to leave small margin around sides of pan). Repeat sequence until all ingredients used up.

Put pan in oven and lower heat to 200° C or 400° F. Bake for 30-40 minutes or until top is browned and bubbly. Let sit for 5-10 minutes before slicing.

Zimt Riesenschnecke

I like a lot of those videos by Tasty. Snappy music, nice videography. Makes for a fun viewing. But they are somewhat misleading: everything you need to know fits into a two-minute video of theirs. The execution is nowhere near as straightforward as it seems in the video, and you are responsible for your own music. But still, this was a success. I got it from this YouTube video, which was inspired by her. I adapted the recipe for use with metric measurements and fresh yeast, which I prefer over instant or active dry yeast. I converted the yeast amount based on this yeast converter website, for which I am grateful. The instructions are mostly a straight lift — just be aware of the baking time notes in the instructions.

One-Pot Spicy Rigatoni

I’m not a full convert, but I do dig this whole one-pot recipe craze. Especially with pastas, I find the noodles are particularly infused with flavor. We were inspired by this recipe, but made a few changes. I imagine it’s great with the chicken, but we’ve only ever had it without and it has never disappointed.

2 T olive oil
2 shallots, finely chopped
5 cloves garlic, smashed and chopped
2 roasted red bell peppers, roughly chopped
2 T tomato paste
1/2 c dry sherry
1 28 oz can stewed tomatoes
2 c water
2 T fresh oregano, finely chopped (or 2 t dried)
2 pinches dried red pepper flakes (3 if you like it spicy)
1/2 t salt
500 g Rigatoni (or other short pasta, tubes would be best)
1 T butter
10-15 basil leaves, torn
1/2 c Grana Padano, grated
3 T cream

In a deep pot, heat oil over medium-high heat. Sauté shallots and garlic until tender, then add peppers and cook for 2 minutes. Stir in tomato paste and cook until it begins to smell caramelized, then deglaze pot with sherry. Add tomatoes and break them up with a spatula. Add the water, oregano, pepper flakes and salt and bring to a boil.

Add the pasta and cook, stirring frequently, for 10-15 minutes or until almost tender. Turn heat down to low, add butter and basil. When butter is completely melted, add cheese and cream, stirring until integrated. Simmer for 5 minutes more, stirring all the time, then remove from heat. Let stand for a couple of minutes, then serve.