Passwords

In response to a comment in the Code Project Lounge about “International Password Change Day”, where a poster had expressed smug satisfaction at having successfully pushed back on his superiors about the need to change passwords.

In a slight irony, I had to change my password through the “lost password” procedure to login and post this (long time lurker).

The problem with not changing your password, and having the same password (or two) in most places is profound. For example – if you had the same password for WoW and your online banking, I am sure everyone can see how it would be an issue. That is just an obvious example.

The poster used the fact that a simple dictionary password can be cracked in minutes as an excuse to not change it. However, one should have quite complex passwords that would in fact take months if not years to crack.

The problem with this, of course, is that it is inconvenient. I would argue that there are fairly simple ways to create complex, yet memorable passwords. One I prefer is to take a simple three-word phrase (such as Crick Crack Monkey) and use letters from these words, interspersed with numbers and/or special characters, depending on the length and complexity requirements of the system. Cr1Cr2Mo3 is one example, and Cr!1Cr@2Mo is another. All one has to do is remember the basic formula and the three-word phrase. Of course using a formula reduces the word-space the cracker has to search, but it is better than the whole or half words or names typically used. Another advantage is that you can use the source of your phrase as your password reminder (for my Crick Crack Monkey example it would be Paul Keens-Douglas – the author of the poem). For a Beatles song such as “Every Little Thing”, the clue could be “Six Beatles for Sale” (the album the song came on, and track number).
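To put numbers on the remark that a formula reduces the space a cracker has to search, here is an added example (not part of the original post). It assumes the formula takes the first two letters of each word, as in the two sample passwords, and that each separator slot holds one digit; the function names are hypothetical.

```python
import math
import string

def formula_password(phrase, separators):
    """First two letters of each word, capitalised, each followed by its separator."""
    words = phrase.split()
    if len(words) != len(separators):
        raise ValueError("need exactly one separator (possibly empty) per word")
    return "".join(w[:2].capitalize() + s for w, s in zip(words, separators))

def naive_bits(password):
    """What a strength meter assumes: every character is drawn at random
    from each character class that appears in the password."""
    if not password:
        return 0.0
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 ASCII symbols
    return len(password) * math.log2(pool)

def formula_bits(words=3, separator_options=10):
    """Upper bound once the formula is known: each word contributes only a
    two-letter prefix (26 * 26 possibilities) plus one separator choice.
    separator_options=10 is the assumed 'one digit per slot' case."""
    return words * (math.log2(26 * 26) + math.log2(separator_options))

if __name__ == "__main__":
    for seps in (["1", "2", "3"], ["!1", "@2", ""]):
        pw = formula_password("Crick Crack Monkey", seps)
        print(f"{pw:12} naive estimate {naive_bits(pw):5.1f} bits")
    print(f"formula known, one digit per slot: {formula_bits():.1f} bits")
```

The gap between the two figures is the cost of the formula: the password looks like nine or ten random characters, but only the letter pairs and the separators are actually unknown.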

Now having said all this, I believe that passwords are still inadequate and inconvenient. We need a stronger, two way security system. Google’s new challenge and answer system goes a long way towards this. Their system has a password, and then sends another token to you (via cellphone), which you must key in. Face recognition is also improving (and can be used on some phones).

Things are also moving to single-sign-in, so you can connect to many other sites using either your Facebook, Twitter or Google (or other) accounts. This is either more secure (if you use a strong password and secure system), because you will take the trouble to maintain a good password, or far far less – if you use a crummy password on your primary login.

Google’s naming controversy

Reading another article about Google’s naming policy for its Google+ web portal, I came to a new realization about the whole thing.

I no longer think it is the corner cases that most people argue that are at stake here. It is not abused women, or people with only one name, or people without official documents, or even people with unusual (real) names. It is ordinary people, who wish to share their opinions without reprisal.

We have had a spate of incidents where people have been denied jobs or public office, or been fired, based on being identified on some web archive doing or saying something embarrassing (in the context of the occupation or post). This could be as simple as a Lawyer by day revealing some unusual hobby, or a politician with some drunken revel from College days. Either way, we used to judge people by their present performance (because we did not have access to their entire past). Now it is quite likely that pretty much everything anyone ever does may be recorded and archived somewhere.

If your main internet identity is identifiable as you, then you had better act in a way that won’t bring some kind of issue down on you in 10, 20, 30, 40 or 50 years time, in whatever occupation you may be doing next year, or in 5 years, or forever. Hmmm. Pretty hard to anticipate. I wonder what will be considered inappropriate 50 years from now?

Growing Linux Desktop Use

I just read a blog post that pointed out that Linux Desktop use has recently trended upwards from 0.97% to 1.41%.

I can add some personal (albeit anecdotal) notes to this observation.

For one – how about the fact that I am seeing an “Ubuntu Trinidad” group – a user group from a country that was previously snobbishly anti-Linux in a way that only a 2nd world country can be?

What I think is happening now is that it is cool to understand and use Linux. It has become how Facebook was 5 years ago – before everyone’s mom and grandmom got on it. I think the spread of Android is behind that. The thing to note with Android is that it enables phones that fall within the purchasing power of third world countries, whereas iPhone cannot easily do that. Now that word is out that Android is Linux, and perhaps more importantly – that Android supports tethering – then many people in these other countries are willing to load up Linux on a laptop, and browse the web (using their mobile hotspot).

The other (possible) trend is that people are gathering old computers in their homes. Many of these were Windows XP, which MS has abandoned, and is patently unsafe with its ancient (and increasingly non-compliant) browser. Rather than re-install Windows to attempt to restore some functionality to these machines once they have suffered from bit-rot, many users are trying Linux first (or even second). Once they have a shiny new machine running Windows, having one-or-two extra machines around running Linux can be a tremendous benefit to a household.

Android ICS (4.0) on Tablets vs. iOS.

I recently read Jason Perlow’s take on Google’s new version of Android (Ice Cream Sandwich) on tablets.

Interesting take. The reasons (with the sole exception of the task switcher woes) he doesn’t like ICS on the Xoom, are exactly the reasons why Jobs (and Sculley) were committed to proprietary architecture, and hate Android. They have to do with employing every engineering trick in the book to wring performance out of (otherwise) sub-par hardware.

Each issue he has raised (and they all boil down to performance other than the task switcher), speaks to end-to-end control over the device. Obviously apps written in Dalvik to earlier APIs will not call the newer high performance ways of doing things.

Google’s problem is that it can’t have it both ways, and neither can Jason. Liking the idea of NOT having an Ogre in charge of the app store means that you have to suffer the fact that many apps in the app store will run poorly (or not at all) on a given device / OS combination.

Not having an Ogre in charge of OS -> Device porting (and no control over the individual devices at all) means that the OS cannot by definition take any advantage of specific hardware cleverness to smooth over any rough spots (like iOS can and does).

In the short term, this means any given release of Android will suffer (in smoothness and performance) by comparison to a similar epoch release of iOS on similar hardware. However, the advantages of Android in this respect are that it will, over time, appear to get better as new devices are released that exceed the functional performance of the original reference device, and patches are made to the OS that address issues that have been discovered since its release. So for example, a current Android 2.3 or 3.1 device today looks and feels much better than an early release device for the same OS version, and better than the iOS release of the same epoch.

As to the “bunch of cameras and ports that no-one uses…” statement – I honestly find that hard to believe on the one hand, and not a contributing factor on the other hand.

Apple has only one port for the main reason of controlling the accessories market. I cannot see the ports on the Android as contributing in any way whatsoever to affecting the performance or smoothness of the device. On the other hand, having a standard USB port is the best thing about Android – having it mount as a drive on my computer makes it so much better than iOS that that by itself is a “killer feature” for me. I also know several people who use the mini hdmi port on their devices. (I don’t because my tablet doesn’t have one).

As to hi-res cameras – I was at my toddler daughter’s Christmas Show at her Day Care, and right in front of me was a middle aged woman recording the scene on her tablet, and I have to say – if people of her demographics are using their tablets for this – then many people are. And frankly, it was doing a great job as far as I could see.

So, in summary – expect a few issues with a new Android OS release. Don’t expect it to exceed a similarly timed iOS release until it has matured a little. However, 3 months is a lifetime and by June, ICS devices will be kicking butt and taking names. You can quote me on this.

Android vs. iPhone

MG Siegler – a blogger who runs the site ParisLemon <http://parislemon.com/post/15604811641/why-i-hate-android> writes about the past, and Google’s failure to sell smartphones unlocked for $99 that would allow consumers to “give it to the carriers”. To me, the whole rant sounds and feels like Democrats who are not going to vote, in protest over Obama’s failure to carry his agenda over a grid-locked Republican controlled, highly partisan congress. In fact all his rants sound like that, including his similar rant about Android’s openness.
Everything needs to be considered from the now. There really is nothing else. I too bemoan the fact that there are no cheap unlocked phones that I can buy a SIM for, and use without contract. I too wish that Google had the intestinal fortitude (and wireless spectrum chest) to do battle with the carriers and win. But it did not happen. Life does move on.
Right now, there are extremely powerful, attractive and functional Android phones available that are, for this user (and obviously many others) viable alternatives to the iPhone. Not shabby alternatives, but superior ones. I use, every day, many features which I consider essential, that came in the box on my supposedly inferior Android phone. Many of those features are available on the iPhone, but several are not. My wife has had a 3GS since they came out, so I know that of which I speak.
In terms of apps, to mention a couple I speak specifically of Google Navigation – far superior to anything on the iPhone. I travel regularly across the border, and Google Nav has been our GPS many times. There have been hitches, but few and far between. Calendar – the iPhone has nothing in power and flexibility by comparison. Frankly, I manage my life using the Calendar. Between myself and my wife (who has to scrape by with an add on paid app called goo-sync) – we use 6 calendars, all merged and colour coded into a single sweeping screen of activity, accessible on any computer/tablet/phone we are logged into. There are numerous other apps that I use regularly that I find the Android version either better, more flexible on Android, or simply unavailable on iPhone. I am sure the reverse is true somewhere, but I haven’t come across it.
The music player – the iPhone plays only mp3, wma and mp4. We (my wife and I) have a huge collection of CDs, and I have ripped them all to flac, and then converted them to .ogg files. I chose ogg, because it provides the best sound for a given compression that I could find. I even created a blind tester, where I used a script to play a sample of the same songs on each player in random order, and submitted my vote. Across 100 test runs, 67% favoured ogg, with 13% neutral and only 20% in favour of mp3. BUT: the iPhone won’t play .ogg files, and I cannot install a player that will. So in order to support my wife’s iPhone, I have to create another copy of every music file in .mp3 format.
Then we have iTunes – an ill-behaved monster of a Windows program that sucks CPU and HD activity. It will NOT work correctly with a network drive – making nonsense of the family effort to consolidate our music in one place. The Android on the other hand lets me drag and drop practically any music file format under the sun onto the phone as an external drive via usb. In fact, I can drag and drop any file at all, and if I have an app that reads the file, I will be able to use it on the phone as soon as I have disconnected the USB. No iTunes, no windows app at all.
I can run an ssh terminal shell on my Android, that lets me log in remotely to my server when away. I can use VNC to connect to a remote windows machine over an ssh tunnel (I mention this because in spite of most people’s eyes glazing over at this point, when I was running my tech business, it saved my butt when traveling to far off places).
Android phones use a standard USB cable. I have the choice of all-screen, or physical keyboard. I have an array of add-ons such as an external screen and keyboard. I can tether my laptop(s) to my Android when I am out of free WiFi range – a feature that is indispensable at the moment since my new ISP has cocked up their installation appointment. My wife’s iPhone cannot do this.
Before anyone wonders – I am using an old (3 years) Acer Liquid E. It runs Android 2.2, and it is far more useful to me than iOS whatever. When this phone keels over and dies (and it shows no signs of doing so) I intend to replace it with another droid, and the above is all part of why.
You can hate Android all you want for its failure to be all that it could have been, but I ask you this: did Apple do any better on the same issue? Can you buy a $99 iPhone and “stick it” to the carrier without a contract? It will never happen. At least Google tried.

Game Hackers

I recently followed a link to the Code Project’s Lounge, where the following was posted:
“I’ve been enjoying online games for about 12 years. 

In every online game I’ve played sooner or later someone develops a hack (aimbot, speed hack, etc) and makes a little bit of money marketing it to other players. For a recent example see the Mass Murder hack for Battlefield 3: Mass Murder

There are a couple of things that I understand:
1: I understand developing such a hack can be a fun challenge.
2: I understand that the hack has a humorous side to it.

That said, in the end a bunch of paying customers for a company are having their entertainment ruined by people who obviously have no interest in playing the game with any integrity. Time and time again I’ve seen hundreds, and even thousands of people, disrupted because of these sorts of hacks. This seems to be a threat to real people’s livelihood and it ruins the fun for many paying customers.

I know it seems draconian, but I’d like to see hard jail time for the people who develop these programs. Somehow, I think if I could program McDonald’s coffee machines to spray the interior of restaurant that I’d get some jail time for that behavior. If I could program Ford automobiles to flash their lights randomly or cause city buses to be late there would also be severe punishment.

Maybe I’m getting old – but one thing I really dislike about the internet is the sub-culture that seems to feed off making other people’s lives miserable. It would be nice to read about these “shops” getting busted up and some hacker kiddies getting slapped around a bit. I realize the hacks are not dangerous and these are games, it’s just the opportunistic mindset of a ne’er-do-well that bugs me to no end.

It’s like they wake up and think: Oh, a new game. How can I ruin it for thousands of people?
Weeding these folks out of the gene pool would be good for the long term success of human kind.

Too harsh?”

It seems pretty clear from the diversity and tone of the replies that there are two camps here. One of people who have become frustrated by a poor online experience, and the other who seem rather blasé about it, to the point where I would have to assume, since they see nothing wrong with the practice, that perhaps they too have used these hacks.

Aside from the likelihood that the hack-users are probably losers in real life (since one can only hold down a decent job for so long as an active fraud), they are also diminishing the community they play in. The most affected are those who are not themselves extremely skilled – who are also most likely newer players. If you deter newer players, then you shrink the hobby. If you shrink the hobby, then you end up with fewer places to play, and fewer opponents to face, until you are in a pool with nothing but other hackers.

Perhaps that is punishment enough – but it fails to address the real money and time invested by people trying to enjoy the hobby without cheating.