Passwords

In response to a comment in the Code Project Lounge about “International Password Change Day”, where a poster had expressed smug satisfaction at having successfully pushed back on his superiors about the need to change passwords.

In a slight irony, I had to change my password through the “lost password” procedure to log in and post this (long time lurker).

The problem with not changing your password, and having the same password (or two) in most places is profound. For example – if you had the same password for WoW and your online banking, I am sure everyone can see how it would be an issue. That is just an obvious example.

The poster used the fact that a simple dictionary password can be cracked in minutes as an excuse to not change it. However, one should have quite complex passwords that would in fact take months if not years to crack.

The problem with this, of course, is that it is inconvenient. I would argue that there are fairly simple ways to create complex, yet memorable passwords. One I prefer is to take simple 3 word phrases (such as Crick Crack Monkey), and use letters from these words, interspersed with numbers and/or special characters, depending on the length and complexity requirements of the system. Cr1Cr2Mo3 is one example, and Cr!1Cr@2Mo is another. All one has to do is remember the basic formula, and the three word phrase. Of course using a formula reduces the word-space the cracker has to search, but it is better than the whole or half words or names typically used. Another advantage is that you can use the source of your phrase as your password reminder (for my Crick Crack Monkey example it would be Paul Keens-Douglas – the author of the poem). For a Beatles song such as “Every Little Thing”, the clue could be “Six Beatles for Sale” (the album the song came on, and track number).
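To put numbers on how much a known formula shrinks the search space, here is an added example (not part of the original post) that builds the two passwords above and compares the formula's entropy with a random password of the same length. The two-letter-prefix and digit counts are upper bounds, and the guess rate is an assumed figure.

```python
import math

PRINTABLE = 94            # printable ASCII characters, space excluded
GUESSES_PER_SEC = 1e10    # assumed offline cracking rate, not a measured figure

def derive(phrase, separators):
    """First two letters of each word, each followed by its separator."""
    words = phrase.split()
    if len(words) != len(separators):
        raise ValueError("need exactly one separator per word")
    return "".join(w[:2].capitalize() + s for w, s in zip(words, separators))

def formula_bits(prefixes_per_word, separators_per_slot, words=3):
    """Entropy in bits when the attacker knows the formula but not the phrase."""
    return words * (math.log2(prefixes_per_word) + math.log2(separators_per_slot))

def random_bits(length, alphabet=PRINTABLE):
    """Entropy in bits of a uniformly random password of the same length."""
    return length * math.log2(alphabet)

def average_crack_seconds(bits, rate=GUESSES_PER_SEC):
    """Expected time to hit the password: half the keyspace at the given rate."""
    return (2 ** bits) / 2 / rate

if __name__ == "__main__":
    pw = derive("Crick Crack Monkey", ["1", "2", "3"])
    # Upper bounds: any two letters (26*26) per word, any digit per separator.
    # A fixed 1-2-3 digit sequence would contribute no entropy at all.
    scheme = formula_bits(26 * 26, 10)
    rand = random_bits(len(pw))
    print(pw, f"formula {scheme:.1f} bits, random {rand:.1f} bits")
    print(f"formula: {average_crack_seconds(scheme):.1f} seconds on average")
    print(f"random : {average_crack_seconds(rand) / 31_557_600:.2f} years on average")
```

The gap only matters when the attacker knows or guesses the formula, which is the case the paragraph above concedes.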

Now having said all this, I believe that passwords are still inadequate and inconvenient. We need a stronger, two-way security system. Google’s new challenge and answer system goes a long way towards this. Their system has a password, and then sends another token to you (via cellphone), which you must key in. Face recognition is also improving (and can be used on some phones).

Things are also moving to single-sign-in, so you can connect to many other sites using either your Facebook, Twitter or Google (or other) accounts. This is either more secure (if you use a strong password and secure system), because you will take the trouble to maintain a good password, or far, far less – if you use a crummy password on your primary login.

Google’s naming controversy

Reading another article about Google’s naming policy for its Google+ web portal, I came to a new realization about the whole thing.

I no longer think it is the corner cases that most people argue that are at stake here. It is not abused women, or people with only one name, or people without official documents, or even people with unusual (real) names. It is ordinary people, who wish to share their opinions without reprisal.

We have had a spate of incidents where people have been denied jobs or public office, or been fired, based on being identified on some web archive doing or saying something embarrassing (in the context of the occupation or post). This could be as simple as a lawyer by day revealing some unusual hobby, or a politician with some drunken revel from college days. Either way, we used to judge people by their present performance (because we did not have access to their entire past). Now it is quite likely that pretty much everything anyone ever does may be recorded and archived somewhere.

If your main internet identity is identifiable as you, then you had better act in a way that won’t bring some kind of issue down on you in 10, 20, 30, 40 or 50 years’ time, in whatever occupation you may be doing next year, or in 5 years, or forever. Hmmm. Pretty hard to anticipate. I wonder what will be considered inappropriate 50 years from now?

Android vs. iPhone

MG Siegler – a blogger who runs the site ParisLemon <http://parislemon.com/post/15604811641/why-i-hate-android> writes about the past, and Google’s failure to sell smartphones unlocked for $99 that would allow consumers to “give it to the carriers”. To me, the whole rant sounds and feels like Democrats who are not going to vote, in protest over Obama’s failure to carry his agenda over a grid-locked Republican controlled, highly partisan congress. In fact all his rants sound like that, including his similar rant about Android’s openness.
Everything needs to be considered from the now. There really is nothing else. I too bemoan the fact that there are no cheap unlocked phones that I can buy a SIM for, and use without contract. I too wish that Google had the intestinal fortitude (and wireless spectrum chest) to do battle with the carriers and win. But it did not happen. Life does move on.
Right now, there are extremely powerful, attractive and functional Android phones available that are, for this user (and obviously many others), viable alternatives to the iPhone. Not shabby alternatives, but superior ones. I use, every day, many features which I consider essential, that came in the box on my supposedly inferior Android phone. Many of those features are available on the iPhone, but several are not. My wife has had a 3GS since they came out, so I know that of which I speak.
In terms of apps, to mention a couple, I speak specifically of Google Navigation – far superior to anything on the iPhone. I travel regularly across the border, and Google Nav has been our GPS many times. There have been hitches, but few and far between. Calendar – the iPhone has nothing in power and flexibility by comparison. Frankly, I manage my life using the Calendar. Between myself and my wife (who has to scrape by with an add-on paid app called goo-sync) – we use 6 calendars, all merged and colour coded into a single sweeping screen of activity, accessible on any computer/tablet/phone we are logged into. There are numerous other apps that I use regularly where I find the Android version either better or more flexible, or that are simply unavailable on iPhone. I am sure the reverse is true somewhere, but I haven’t come across it.
The music player – the iPhone plays only mp3, wma and mp4. We (my wife and I) have a huge collection of CDs, and I have ripped them all to flac, and then converted them to .ogg files. I chose ogg, because it provides the best sound for a given compression that I could find. I even created a blind tester, where I used a script to play a sample of the same songs on each player in random order, and submitted my vote. Across 100 test runs, 67% favoured ogg, with 13% neutral and only 20% in favour of mp3. BUT: the iPhone won’t play .ogg files, and I cannot install a player that will. So in order to support my wife’s iPhone, I have to create another copy of every music file in .mp3 format.
Then we have iTunes – an ill-behaved monster of a Windows program that sucks CPU and HD activity. It will NOT work correctly with a network drive – making nonsense of the family effort to consolidate our music in one place. The Android on the other hand lets me drag and drop practically any music file format under the sun onto the phone as an external drive via USB. In fact, I can drag and drop any file at all, and if I have an app that reads the file, I will be able to use it on the phone as soon as I have disconnected the USB. No iTunes, no Windows app at all.
I can run an ssh terminal shell on my Android, that lets me log in remotely to my server when away. I can use VNC to connect to a remote Windows machine over an ssh tunnel (I mention this because in spite of most people’s eyes glazing over at this point, when I was running my tech business, it saved my butt when traveling to far off places).
Android phones use a standard USB cable. I have the choice of all-screen, or physical keyboard. I have an array of add-ons such as an external screen and keyboard. I can tether my laptop(s) to my Android when I am out of free WiFi range – a feature that is indispensable at the moment since my new ISP has cocked up their installation appointment. My wife’s iPhone cannot do this.
Before anyone wonders – I am using an old (3 years) Acer Liquid E. It runs Android 2.2, and it is far more useful to me than iOS whatever. When this phone keels over and dies (and it shows no signs of doing so) I intend to replace it with another droid, and the above is all part of why.
You can hate Android all you want for its failure to be all that it could have been, but I ask you this: did Apple do any better on the same issue? Can you buy a $99 iPhone and “stick it” to the carrier without a contract? It will never happen. At least Google tried.

Game Hackers

I recently followed a link to the Code Project’s Lounge, where the following was posted:
“I’ve been enjoying online games for about 12 years. 

In every online game I’ve played sooner or later someone develops a hack (aimbot, speed hack, etc) and makes a little bit of money marketing it to other players. For a recent example see the Mass Murder hack for Battlefield 3: Mass Murder

There are a couple of things that I understand:
1: I understand developing such a hack can be a fun challenge.
2: I understand that the hack has a humorous side to it.

That said, in the end a bunch of paying customers for a company are having their entertainment ruined by people who obviously have no interest in playing the game with any integrity. Time and time again I’ve seen hundreds, and even thousands of people, disrupted because of these sorts of hacks. This seems to be a threat to real people’s livelihood and it ruins the fun for many paying customers.

I know it seems draconian, but I’d like to see hard jail time for the people who develop these programs. Somehow, I think if I could program McDonald’s coffee machines to spray the interior of restaurant that I’d get some jail time for that behavior. If I could program Ford automobiles to flash their lights randomly or cause city buses to be late there would also be severe punishment.

Maybe I’m getting old – but one thing I really dislike about the internet is the sub-culture that seems to feed off making other people’s lives miserable. It would be nice to read about these “shops” getting busted up and some hacker kiddies getting slapped around a bit. I realize the hacks are not dangerous and these are games, it’s just the opportunistic mindset of a ne’er-do-well that bugs me to no end.

It’s like they wake up and think: Oh, a new game. How can I ruin it for thousands of people?
Weeding these folks out of the gene pool would be good for the long term success of human kind.

Too harsh?”


It seems pretty clear from the diversity and tone of the replies that there are two camps here. One of people who have become frustrated by a poor online experience, and the other who seem rather blasé about it, to the point where I would have to assume, since they see nothing wrong with the practice, that perhaps they too have used these hacks.

Aside from the likelihood that the hack-users are probably losers in real life (since one can only hold down a decent job for so long as an active fraud), they are also diminishing the community they play in. The most affected are those who are not themselves extremely skilled – who are also most likely newer players. If you deter newer players, then you shrink the hobby. If you shrink the hobby, then you end up with fewer places to play, and fewer opponents to face, until you are in a pool with nothing but other hackers.

Perhaps that is punishment enough – but it fails to address the real money and time invested by people trying to enjoy the hobby without cheating.


Switching ISPs (or Why I Hate Bell and Rogers)

This is not my first run-in with them, nor my worst. But it simply adds to my irritation and general resignation about the state of telecommunications in Canada as a whole.
One day a little before Christmas, we stepped into a retail store to see what they had. I was interested in seeing the new Galaxy Nexus Google phone, and they had it at the Source. The sales gentleman was very obliging and courteous, and somehow the discussion went around to Bell Fibe. We asked, and he answered. The entire package with TV, basic Internet and Home phone would be $65 / month, and the PVR would belong to us. This would save us scads of money, give us our own PVR, and get us out of the clutches of Rogers. Then he said we would get a $200 store credit if we signed up then. We jumped, and picked up a nice Samsung 40″ TV using our credit + about $300.
Our installation date was set for Jan 8, a Sunday – since we could not cancel our Rogers any sooner.
Of course, canceling Rogers involved the usual song and dance, where they suddenly decided they could give us HD for free, and write off the PVR. Frankly I found the whole thing rather insulting; besides, I had already accepted the Bell offer and installed the TV, so there was no going back.
Did I mention that I had already had a run-in with Bell? Come Jan 8th, I got up and went around the house, clearing access to the phone jacks in the various rooms, and to the incoming stuff in the basement. I even moved my car into visitor parking to free up the spot in my driveway. I waited until noon, and called their customer service to see if I was really getting an installation. They told me I was scheduled, so not to worry. At 2:30, a guy called, asked me about my setup wrt: TVs and Internet, and said they were on their way. They would be there in an hour or so. At 4:00 pm, the guy called back to tell me that the local connection did not have enough connections available. There was insufficient capacity for my house. I should call the business office after 1:00 pm the next day. I was disappointed, but not surprised.
That morning, my 2 year old daughter was disappointed to discover that her morning TV was cancelled. I was concerned because my Internet was also cancelled.
Next day, I did not wait until 1:00 pm. I called at 9:00. I used the number on the web site specifically for Bell Fibe. The first time I got through, waited about 5 minutes, and spoke with a rep, who listened to me and gave me a different number to call. I called that number, waited another 5 minutes and spoke to someone who tried to transfer me to the installation department. I was transferred and someone hung up on me immediately. I tried again, and spoke to Tawnia(?), who transferred me to Tania, who kept on the call, and spoke on my behalf to the various people she felt would help. In the end, it looked like the installation tech was right, and I would have to wait for the capacity to be upgraded, and they would call back to set an installation date. I pressed them for some resolution, and told them how unhappy I was to have no internet. They did not offer a solution. I said that I may have to use my mobile for data until they hook me up. They offered to transfer me to mobile, which they did, but mobile said that the data was not their problem – that I should ask Fibe to give me a credit to cover the data costs.
So I called back again, and got a rep quite quickly. I explained the situation, and he transferred me to the home phone loyalty department. They could not even pull up my account, and told me I needed to be with a Fibe package department. She transferred me to Fibe billing, who actually seemed to be the right people. Dave checked out my situation without any further ado, and he scheduled Saturday morning for a re-attempt. To address the lack of internet, he gave me a $50 credit to be applied to the first bill – which should cover the data costs on my mobile plan when I use it to tether at home.
Meanwhile, we have no Internet or TV or home phone. It is 9th January. I will follow up with progress as it happens.