Schneier on Passwords

I’m a big fan of Bruce Schneier. I think he’s probably the best plain-speaking security guy around, one who can see past the bluff and bluster to the underlying issues. He calls the TSA and their ilk on bullshit airport security procedures regularly, for example, and watching him out the latest “unbreakable” cipher as complete guff is a wonder to behold.

In this Wired article he goes into how easy most passwords are to crack, including – much to my surprise – passwords that I would have considered relatively secure, such as a pronounceable root with an appendage. I found the comparative frequencies of prefixes and suffixes particularly interesting. Of course, as Bruce constantly tells us, security is relative, so your passwords should be too.

Here’s the critical paragraph, although I’d recommend reading the entire article for context, and just because it’s as well-written as nearly all of Bruce’s pieces:

So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle.
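To make the root-and-appendage model concrete, here is a small added example (editor’s code, not from Bruce’s article or the original post): a toy guesser that does what the article describes, taking a dictionary of roots, trying the usual case patterns and common l33t substitutions on each, and bolting an appendage on before or after. It is then run over a handful of constructed passwords to show which ones fall and which survive. The root and appendage lists are made up for the example and are tiny compared with the real cracking dictionaries the article refers to; the sample passwords are constructed too.

```python
# Added example: a toy "root + appendage" password guesser of the kind
# Schneier's article describes. Not the article's or the post's own code.

# Constructed toy lists for this example only. Real cracking dictionaries
# hold many thousands of roots, ordered by the appendage frequencies the
# article discusses.
ROOTS = ["password", "letmein", "dragon", "monkey", "summer"]
APPENDAGES = ["", "1", "12", "123", "!", "1!", "2006", "69", "99"]

# The "common substitutions" the article says buy you nothing.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def case_variants(root):
    """The case patterns a cracker tries first: all-lower, Capitalised, ALL-UPPER.

    Mixed case in the *middle* of the root (e.g. 'DraGon') is deliberately
    not generated, which is why the article recommends it."""
    return {root.lower(), root.capitalize(), root.upper()}


def leet_variants(word):
    """The plain word plus its fully l33t-substituted form."""
    return {word, word.translate(LEET)}


def candidates(roots=ROOTS, appendages=APPENDAGES):
    """Enumerate root + appendage guesses, appendage as suffix or as prefix."""
    seen = set()
    for root in roots:
        for cased in case_variants(root):
            for word in leet_variants(cased):
                for app in appendages:
                    for guess in (word + app, app + word):
                        if guess not in seen:
                            seen.add(guess)
                            yield guess


def build_dictionary(roots=ROOTS, appendages=APPENDAGES):
    """Materialise the guess list so lookups are O(1)."""
    return frozenset(candidates(roots, appendages))


DICTIONARY = build_dictionary()


def is_guessable(password, dictionary=DICTIONARY):
    """True if the password falls to the root+appendage dictionary."""
    return password in dictionary


def triage(passwords, dictionary=DICTIONARY):
    """Split passwords into (cracked, survived) against the dictionary."""
    cracked = [p for p in passwords if is_guessable(p, dictionary)]
    survived = [p for p in passwords if not is_guessable(p, dictionary)]
    return cracked, survived


if __name__ == "__main__":
    # Constructed sample passwords, chosen to match each piece of the
    # article's advice: root + appendage variants fall, the rest survive.
    samples = [
        "Password1",      # Capitalised root, numeric suffix
        "dr@g0n!",        # l33t root, symbol suffix
        "123monkey",      # numeric prefix
        "DraGon",         # mixed case in the middle of the root
        "dra123gon",      # appendage dropped into the middle of the root
        "summer!monkey",  # two roots with the appendage between them
    ]
    cracked, survived = triage(samples)
    print(f"{len(DICTIONARY)} guesses in the toy dictionary")
    for p in cracked:
        print("cracked: ", p)
    for p in survived:
        print("survived:", p)
```

The point of running it is the gap between the two halves of the output: everything built as root plus appendage, in any of the "clever" spellings, is inside a few hundred guesses, while the same root with the appendage or a case change moved into the middle is not in the list at all, and a real cracker would have to fall back to far slower brute force to reach it.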

I agree strongly with his recommendation that a password store should be used by anyone needing to deal with large numbers of passwords. Personally I use KeePass, but I’ll be switching back to PasswordSafe shortly because no matter how hard I try, KeePass databases simply can’t be used across platforms.

Upside-Down-Ternet

Did I post this before? Dammit, so what if I did, it’s the berries!

Upside-Down-Ternet

The Wisdom of Parasites

Absolutely bizarre. And disgusting. And fascinating!

The Loom: The wasp slips her stinger through the roach’s exoskeleton and directly into its brain. She apparently uses sensors along the sides of the stinger to guide it through the brain, a bit like a surgeon snaking his way to an appendix with a laparoscope. She continues to probe the roach’s brain until she reaches one particular spot that appears to control the escape reflex. She injects a second venom that influences these neurons in such a way that the escape reflex disappears.

From the outside, the effect is surreal. The wasp does not paralyze the cockroach. In fact, the roach is able to lift up its front legs again and walk. But now it cannot move of its own accord. The wasp takes hold of one of the roach’s antennae and leads it–in the words of Israeli scientists who study Ampulex–like a dog on a leash.

Happy Christmas

Personally I think it’s over-rated, but I’m sure you suckers love it just as much as my demented gf, so Happy Christmas to ye. Have a great day.

I’m getting the major family stuff out of the way by 3.30, then I’m getting locked.

20 facts about eVoting in the US

I’ve cherry-picked the best ones from the list, some of which I knew about and which bear repeating (the quote from the boss of Diebold) and some of which I wasn’t aware of (Jeff Dean planting back doors in software).

1. 80% of all votes in America are counted by only two companies: Diebold and ES&S.

3. The vice-president of Diebold and the president of ES&S are brothers.

4. The chairman and CEO of Diebold is a major Bush campaign organizer and donor who wrote in 2003 that he was “committed to helping Ohio deliver its electoral votes to the president next year.”

5. 35% of ES&S is owned by Republican Senator Chuck Hagel, who became Senator based on votes counted by ES&S machines.

6. Republican Senator Chuck Hagel, a long-time friend of the Bush family, was caught lying about his ownership of ES&S by the Senate Ethics Committee.

7. Senator Chuck Hagel was on a short list of George W. Bush’s vice-presidential candidates.

9. Diebold’s new touch screen voting machines have no paper trail of any votes. In other words, there is no way to verify that the data coming out of the machine is the same as what was legitimately put in by voters.

10. Diebold also makes ATMs, checkout scanners, and ticket machines, all of which log each transaction and can generate a paper trail.

12. Diebold employs 5 convicted felons as developers. These are the people who write the voting machine computer code.

13. Diebold’s Senior Vice-President, Jeff Dean, was convicted of 23 counts of felony theft in the first degree.

14. Diebold Senior Vice-President Jeff Dean was convicted of planting back doors in his software and using a “high degree of sophistication” to evade detection over a period of 2 years.

vBulletin threatens site over ‘depravity’

Jelsoft is the British developer of the popular vBulletin forum software that I use on Foot.ie and several other sites. They pay a third party, Howard Spinks, primarily to manage their licencing, but also for plausible deniability in the cases where he fucks up. (He’s your lawyer Jelsoft; he’s your responsibility.)

Like this one, where he’s effectively ordered a site to remove “morally devoid” comments from the site in order to “avoid a likely revocation of license”. Or the time he threatened me with legal action – despite having zero ability to follow through on it – because he didn’t do his homework and check licencing correctly. In other words he’s a scumbag opportunist that gives real lawyers a bad name.

Whatever about the moral standing of the posts in question – I don’t doubt they were dodgy – trying to somehow police how software is used is not just ignorant, it’s positively stupid. One can only hope Jelsoft will finally put this monkey outside the door. They’re already trying to put the fire out on their forum.

Samba dev quits Novell over patent agreement

And joins Google apparently.

Mary Jo Foley: The word is out: Lead Samba developer Jeremy Allison has quit Novell in protest over the Microsoft-Novell alliance, unveiled on November 1. What isn’t widely known, at least so far, is that Allison is joining Microsoft rival Google.

YouTube as a forum? Ewwww! But…

Apparently the deaf (is that PC?) are using YouTube as a public forum, in much the same way most of us use threaded and flat forums like vBulletin and phpBB. What a brilliant use of technology, and a perfect example of one of those things that seems utterly obvious when you think about it. But you didn’t think of it. :)