Posts

Posted on

Password Hygiene for Regular People

Even the passwords we once considered “strong”  have become almost trivially easy for sophisticated crackers to break. With massive arrays of very-fast processors, lightning fast graphics cards, and extremely sophisticated cracking techniques, hackers are making mincemeat out of stolen password databases, and openly trading them on the black market.

Most “average user” passwords now fall so easily that some in the security community feel the username/password mechnanism itself must be traded in for something entirely different, like biometrics. But until that time comes, you need to be doing everything you can to make your passwords as secure as possible.

correcthorsebatterystaple

The purpose of this piece is not to scare you, but to give you the tools you need to stay safe.

There’s a ton of advice floating around out there on what makes for a good password, how to create memorable (and easy-to-type) passwords, and how to keep track of lots of different passwords. Unfortunately, a lot of that advice is written by geeks for geeks, while the people who generally need the advice the most are “regular” (non-geek) users. If you’re a geek, chances are you’re probably already doing most of this stuff. This article is an attempt to summarize the best password hygiene advice out there for your parents, bosses, aunts and uncles, and non-geek friends.

There’s a twist at the end, plus an explanation of the graphic above, so please read all the way through.
Continue reading “Password Hygiene for Regular People”

Posted on

Maker Faire 2013

I’ve been taking Miles to Maker Faire every year since it launched in 2006, making this our 8th. It’s different every year – sometimes better, sometimes worse. No question it’s become more popular (for better and for worse) and less dangerous over time. With every passing year, there are fewer exhibits that can take your head off, singe your eyebrows, or help you lose a limb. And there’s an increasing emphasis on crafty stuff, things you can do with kids, etc. The maker movement has become more mainstream, less Burning Man, and more accessible. But there’s still no better place to experience such an awesome array of things to do with your kids, concentrated in one place. Despite the crowds and the impossible traffic, we still consider it worth going.

Tough Art

A few highlights from this year’s event:

  • Giant vat of the stuff they fill disposable diapers with. Neither wet nor dry, it feels surreal and rubbery to the touch. Amazing in large quantities.
  • The usual amazing Tesla Coil demonstration
  • Guy playing a homemade didgeridoo/drum kit rig
  • Cupcake cars driving around
  • Biggest bin of iron filings and rare earth magnets I’ve ever seen
  • Immense arrays of bubbles being dispensed from long loop/string invention
  • Giant replica of Milton Bradley’s original Mousetrap game, including 400-lb steel bathtub and real bowling balls.
  • Adam Savage in person!
  • Miles got to make a bizarre vuvuzela-type noisemaker
  • Bike-like vehicle driven by the motion of the rider pumping up and down rather than pedaling
  • Solar powered cars
  • Mind-blowing 3D printer creations
  • Hands-on metal stamping with 1-lb brass hammer
  • Pedal-powered llama-shaped cars with articulated head
  • The usual assortment of crazy bicycle-like inventions
  • Entire city made of tightly wrapped masking tape (hard to describe, but incredible)
  • Make your own steampunk goggles booth (for kids)
  • Biggest paella cooking trays you’ve ever seen
  • Blue Man Group-style PVC acoustic marimba
  • Stilt walkers everywhere

… and we didn’t even get to see 50% percent of it.

Mousetrap

Flickr set

Posted on

Building a GPA Calculator in Angular.js

I’m awed almost daily by the simplicity and elegance of Angular.js. By eliminating all of the DOM access syntax we’ve come to take for granted in jQuery and friends, and by giving any element on the page a live, two-way data binding relationship with your business logic, Angular lets you create anything from simple widgets to full-on Single Page Applications with the fewest lines of code possible.

I recently created a live GPA calculator as part of a large SPA I’m working on in my day job, but have boiled it down to its bare essence for this widget demo. Try changing the dropdown options here and watch the GPA calculation change in real-time:

View html | View script

In this example, we assume that a student’s current course load comes in over the wire with course names and units. We iterate over the course set and, for all courses being taken for a letter grade, multiply the numeric weight of a predicted grade by the number of units. Those scores get added up, then divided by the total number of units. When a new grade estimate is selected from a dropdown, we need to recalculate the whole aggregate. Let’s step through it.
Continue reading “Building a GPA Calculator in Angular.js”

Posted on

Barracuda’s RBL Stops Spam Cold

barracudaI’ve run a small web and mail hosting business on the side for around a decade. The hosting platform I use (cPanel) comes with spamassassin and support for a couple of real-time blacklists (zen.spamhaus.org and bl.spamcop.net) built in. On top of that, I’ve compiled in Razor, DCC, and ClamAV.

But with spam control settings set to their highest levels, I’ve struggled over the years to keep fall-through spam from reaching the mailboxes of my power users – the spammers  just move too fast,  are too crafty. Spams that look the same from day to day actually have quite different signatures, and manage to evade my arsenal of tools. It’s been incredibly frustrating.

A few months ago, I came up with a set of techniques to let desktop mail clients train the server-side Bayes database about what’s spam and what’s ham. That worked well for a couple of months, but eventually the Bayes dbs became polluted with false hits (probably a result of users incorrectly marking / not marking messages). Is it even possible to operate as an organization smaller than Google and still guarantee low spam levels for users?

Real-time blacklists (RBLs) tap the hive mind – the collective judgement of thousands of human users spread around the world, marking ham and spam every minute of every day. When all of those judgements are collected into a single, continuously evolving database that any host can tap into, it should be possible to create an almost perfect blockade. We know that Akismet has made their RBL work amazingly for weblog comment spam (as I write this, Akismet claims to have blocked 54 million comment spam today alone).

RBLs always seemed like the smartest way to go, but spamhaus and spamcop sure weren’t getting the job done. Doing research in the cPanel forums a few days ago, I discovered that Barracuda Networks, who make a series of firewall appliances for enterprises, maintain their own RBL and provide free access to it for organizations like mine.

Decided to give it a whirl and was blown away. Within 24 hours, the amount of un-tagged spam getting through to my users had dropped to a trickle. I haven’t found an anti-spam tool this effective since… ever. It took almost no effort to set up, and will require almost no effort to maintain in the future. Super stoked.

To the great engineers at Barracuda: The internet thanks you.

Update: A couple of months later, I no longer feel quite so positive about Barracuda. Yes, it’s definitely a help, but not the silver bullet I called it above.  I do keep Barracuda running, but overall, spam numbers are worse than ever, and there’s tons slipping through that neither SpamAssassin nor Barracuda are catching.

 

Posted on

Tour de Cure – Riding Against Diabetes

Growing up, I watched as my grandmother struggled to keep her insulin levels under control. As an adult, I watched as my father-in-law did the same. Ultimately, diabetes was a contributing factor in both of their deaths. It runs in the family.

Next weekend, our family will ride 25 miles in the American Diabetes Association’s Tour de Cure to help raise money for diabetes research (I wanted to ride 75 miles but it was more important to be able to stay with Miles on his longest ride yet). We are riding because it is an opportunity to change the future and to make a positive impact in the lives of those who are affected by diabetes.

Rest stop in the vineyards

I just signed up to ride in the American Diabetes Association’s Tour de Cure. I’d like to invite you to support me in my efforts to Stop Diabetes!

Tour de Cure is an opportunity to change the future and make a positive impact in the lives of all those affected by diabetes. And it’s a great ride!

Chances are, you also know someone who has been affected by diabetes and you already know how important it is to stop this disease. My goal is to raise . Will you join me by visiting my personal page and making a donation?

By supporting me, you will help the American Diabetes Association provide community-based education programs, protect the rights of people with diabetes and fund critical research for a cure.

The power we have together far outweighs what I can do alone. Please join me by donating to this great cause – it would mean so much to me!

Thank you!

Scot Hacker

P.S. Thank you for considering making a donation to my efforts! Also, if you’re interested in riding, I’d love the company! Visit my personal page or the Tour website for more information.

Update: The ride was fantastic, and all of us completed 25 miles, no sweat. Together, we ended up raising more than $700, strengthened our bodies, and had a great time. Some pics from the day in this Flickr Set.

Untitled

Team Lanesplitter!

Posted on

Searching for Sugar Man

New at Stuck Between Stations, my mini-review of the fantastic documentary about the life of Detroit troubador Rodriguez, Searching for Sugar Man.

Meanwhile, a couple bootleg copies of his records somehow made it to South Africa, where his music became the soundtrack for the young adult revolution against apartheid. “Cold Fact” and “Coming From Reality” became record collection staples of pretty much every South African. “If someone had Beatles and Stones records, they had the Rodriguez records too.” In fact, most South Africans will tell you today that Rodriguez was bigger than the Stones in their country.

Searching-for-sugar-man-poster

Posted on

Wildcat Canyon Circuit

22-mile solo training ride around and through Wildcat Canyon today, gearing up for Tour de Cure! New personal best – averaged 13.78 mph, taking into account uphill, downhill, photo breaks and stop signs.

wildcat

Wildcat Canyon Circuit