Wednesday, December 26, 2007

Eat your heart out Walt Disney

I have decided I am going to take up a life in the theatre. I plan on working in the field of ice ballets. My first production will be a social commentary on the winter driving habits in the Pacific Northwest. I shall name it "Roundabouts on Ice".

I live somewhere between Seattle and Portland. We got a nice skim of ice on the roads this morning. I'm assuming it's due to freezing rain, but I didn't actually stop and interview the ice. I drive a small little car. It handles WONDERFULLY in icy weather, it's very similar to a snowmobile. But even I was having trouble this morning...

This area is well known for its use of roundabouts, a funky sort of intersection that requires you to drive in circles until you feel dizzy. Cover these things in ice, and insanity happens. I come from the Midwest, where ice was easily battled with salt and sand. Apparently here, they don't believe in the magic powers of salt and sand. Instead everyone drives 5 miles an hour in the roundabouts, runs red lights because they can't stop, and fishtails all over the highway. They also like to panic and slam on their brakes.

I admit, it was bad road conditions. I did not expect it this morning, but I did have a warning before I hit the roads. And I can understand one or two mistakes being made on the icy roads. But I think they would do well to have someone actually tend to the roads. These people are not used to driving on icy roads, why make it more complex than needed?

Monday, December 17, 2007

Where have all the geeks gone?

I watched I Am Legend this weekend. It was great, I loved it. It was a drama, when I was expecting a horror. Very fantastic movie.

I suggested my coworkers go and see it when they get a chance, and that got us talking about movies. One of them suggested that Transformers was the movie of the year. Seemed reasonable, but I said Pirates was in the running too, to which they responded with 'meh'. 'Meh'?!? It's pirates! But alright, not everyone has the same tastes.

Then I mentioned the preview at the beginning of I Am Legend, the preview for the new Narnia movie. Oh it looked great! My coworker then said "I didn't see the first Narnia." I kinda blinked at him and asked if he read the book, he said "It was a book?" I kinda rubbed my temples, and said "You might like it. It's big, epic, awesome. The cinematics reminded me of the big battle scenes in Lord of the Rings." He said "I didn't watch that either." To which I responded "Wait, what? You didn't watch Lord of the Rings?!?" He kinda looked at me funny.

I shouted across the cubicle walls at the only other coworker that was in the office at the time "PLEASE tell me you have seen Lord of the Rings!!!" I got the response of "Uhm, I watched the movie once, I think..."

These people are programmers!!! Yet, they are not geeks. It is so strange. My Star Wars jokes fall flat on their ears also. The best I have gotten out of them is that most of them have seen Wrath of Khan (but they don't know it by name, I just say "That Sci-fi movie where they put the bug in the guy's ear" and they say "Oh yeah, I saw that once").

I think I might start performing experiments on them. Expose them to pieces of geek culture and see how they react to it. Will they embrace it? Will they reject it? Will they begin flinging their poo?

Thursday, December 13, 2007

N07 L337: Word of the year

Merriam-Webster every year holds a contest to see what should be the 'Word of the Year'. Who votes on these things? I haven't actually checked yet, but I am willing to bet very large sums of money that the vote is on the net, and that English professors don't vote much.

This year's word is: w00t

Don't be confused, those are indeed zeros. Yes, the time has come. L33t speak has made it to mainstream. Is it so elite now? The funny part is that this word hasn't even made it into the dictionary yet. The word of the year isn't even a word yet.

If they start adding l33t words to the dictionary, how will they be listed alphabetically? Things could get very complicated... for example, if a l33t word begins with E, we would instead use 3, but if a l33t word begins with A, it will use 4 (or sometimes on rare occasions @). But 3 comes before 4 in the standard alphanumeric, but A should come before E...

Runners up to the word of the year contest include: facebook, conundrum, quixotic, blamestorm, sardoodledom, apathetic, Pecksniffian, hypocrite, charlatan

What a fascinating list of words that is! I would classify all but facebook as being rather pessimistic words. They are so very 'glass is half empty', and some of them are a tad 'glass is empty because I threw it at the fucking wall'.

I think this clearly shows the direction that the world is going in... The words we use to signify this year are mostly pessimistic. However, the winning word is a neologism that signifies happiness, in a way that is young, upbeat, and digital. As a side note, in the unpopular MMORPG known as MxO (Matrix Online) I played a hacker called: n07 l337 (yet everyone insisted on calling me 7, or Number 7... some even thought it was a reference to 7 of 9).

TPS Reports

I went to a conference last month, which was paid for by the company that employs me. It was a 3 day stay (two nights). I however am 90% college student, so on the first night I ordered Papa John's Pizza, which I ate for breakfast and dinner for all three days (using lined paper for a plate, and drinking Mountain Dew which I had brought with me).

When I got back, I filled out the expense reports. I attached my two receipts, and got the forms signed by the appropriate people. When I turned them in, I was informed that I needed the Visa statement with it also, so the forms were rejected. Today the statement came in, so I refilled out the forms, got the appropriate signatures, and resubmitted the paperwork. They then informed me that it was the wrong paperwork. So I filled out the correct paperwork, reattached my two receipts, got the signatures, and submitted them again.

At this point I was informed that the descriptions on the expense report were not very detailed. I had put down "Pizza for conference" when apparently I was supposed to put down "Papa John's Pizza - Pizza for conference". I also did not list the name of the hotel in the description of my hotel room. I only had 2 items, it was easy, they could have filled out the paperwork, they could have guided me through it. Or even better, they could have looked at the Visa statement and said "Gee, that's when he was at the conference, I bet that pizza was what he ate down there."

Next time, I'm going into more detail. It shall be "Papa John's Pizza - 1 large pizza with extra cheese, no other toppings. 1 garlic breadsticks. - Ate 2 slices of pizza on November 8th 8:30 pm, 1 slice on November 9th at 7:24 am and also at 9:44 PM".

I know, even better, I'll go ahead and order a pr0n movie on the pay per view in the hotel next time. That way when I fill out the description I'll go ahead and say what the movie was. I'll even describe what all positions were used. I mean, wouldn't it be better to be fired for something like that than to go insane mumbling something about my red stapler?

Thursday, December 6, 2007

MMORPG's can save your life

Finally, my belief that MMORPG's can save your life has been confirmed. A 12 year old Norwegian boy battled a real live moose and lived, all because of MMO's. The full tale can be read here. If you know Norwegian that is.

But if you don't know Norwegian, I'll sum it up for you. This 12 year old boy and his sister are walking through the woods IRL (they were probably hunting rats grinding XP or something). His sister Cheetah'ed and ran. But the hero boy (or would idiot be a better term?) decided to taunt the moose. The moose attacked. Luckily the boy's backpack had a deflection bonus. He was knocked to the ground, but was not harmed. So he decided to play possum, and feign death. The moose fell for it.

In the end, the boy and the girl survived. Another group of adventurers formed a raid and killed the moose. The noobs of Norway rejoiced. You might find this humorous, but in truth the boy said he learned the FD ability from playing WoW. Personally, I prefer Everquest 2, as there are less 12 year old boys that think they can pwn moose.

Wait, they have moose in Norway? I thought they were all in Canada eh?

Friday, November 30, 2007

Pattern Recognition

A good friend of mine (you know who you are) sent me a link to a very odd thing on Amazon. Uranium. That's right, you can buy Uranium on Amazon. Don't believe me? Go check it out.

Now, I'm not worried about people making nuclear explosives. I'm also not worried about dirty bombs. It's a very small sample of uranium. It's intended for testing Geiger counters. Most smoke alarms actually contain small amounts of radioactive materials. This is a relatively safe and harmless piece of uranium. And at the cost they are charging, it would cost an insane amount of money to get enough to cause trouble with.

Although it is still just odd. I mean, who would buy uranium on Amazon?

Well know what is even weirder than that? Scroll down about halfway on that Amazon page and check out the "Customers Who Bought Items Like This Also Bought" section. Well, now we know what sort of person would buy uranium on Amazon...

Monday, November 12, 2007

Best Birthday Ever

This year was quite likely the best birthday ever for me. My actual birthday I was at a conference in Oregon, but that's not what made it great. It was the weekend AFTER my birthday that was great.

We went to a Suzanne Vega concert in Seattle. It was at a club, not an amphitheater, which was great in my opinion. Standing room only. We were lucky enough to be very near the front. I think it's safe to say I was within spit wad distance (no, I didn't test that).

The music was great. She opened with Tom's Diner, a cappella. It was great! She gave some of the background story behind a few of the songs too, which was fascinating to hear. She talked about how New York is a woman (not always very lady like though) and asked if Seattle is male, female, both, androgynous... The response of the Seattle crowd was: "Coffee Bean!!!"

It was really wonderful to be surrounded by a bunch of folks that were just there for a great time. There were all types of people there. Hippies and people in business suits, and everything in between.

The next day I purchased her latest album off of iTunes, which was pretty good.

Here's some interesting little facts about Suzanne Vega that most people don't know... When the mp3 format was first being tested the benchmark was her song "Tom's Diner". Also, she was the first recording artist to perform live in the digital universe Second Life. Plus her music is just cool.

Tuesday, November 6, 2007

Foods my accent hates

I hate chipotle. I detest it. I love the taste of it though. Know why I hate it? Because my Midwest tongue can't pronounce it. Chipotlee? Chip o'lay? Chee... wait, what? Every time I try and order this somewhere, I somehow manage to slaughter it. I know, its proper pronunciation is chi PO lay. Great. It comes out Chip O'Lay instead. It doesn't sound Mexican when I say it, it sounds Irish, like O'Malley. I hate it. Stupid gringo tongue.

How about Gyro? I have a scientific background... I think Gyroscope. Something that spins. So it would be Jy roe, right? Well, sorta. I mean, it's based on the Latin word meaning to spin: gyro. But that's not really how it's pronounced. It's a softer G than the Midwest American G or J. Almost a Hyro. But not High Roe, you need to roll it more. Great, now let's see if I can say it again without sounding like I'm a German saying Cairo while coughing up a hairball.

I know! I'll pretend to be a mute! I'll just write down on paper "I want a Gyro with Chipotle sauce, thanks". Yeah!

Thursday, November 1, 2007

Sandwich Folding - Not the Holtzman Effect

Yes, I know, I already blogged today. I know what they say, blogging twice in a day will make you go blind... But this simply must be discussed!

Sandwich folding. The simple task of taking one piece of bread, putting something in it, and folding it. Often times referred to as a single bread sandwich. Usually this is done with peanut butter and jelly sandwiches, or similar contents.

I am a side to side folder. When I fold a sandwich, I make it so that the left and right side touch each other. I had always assumed this is how everyone else did it, until I got married. My wife does not have a particular sandwich folding strategy. Sometimes it's top to bottom, sometimes it's side to side. When I asked a wise friend how he folds his sandwich, he simply replied that he does not fold sandwiches.

But when my wise friend cuts his two breaded sandwiches, he cuts them top to bottom. So if he did fold sandwiches, would he likely fold them side to side like me? Well, this can't be certain. My wife almost always cuts sandwiches top to bottom. And me, a dedicated side to side folder, will cut a sandwich diagonally.

I can not judge my friend for not folding sandwiches though. Because I am so dedicated to folding that I will rarely have a two breaded sandwich. I will instead make TWO one breaded folded sandwiches. So his eccentricities with not folding can be excused in the light of my eccentric requirement for folding. It goes so far that often times I will fold sandwiches that do not lend well to folding, such as a bologna sandwich (which my friend declared as blasphemy).

As I mentioned before, if I do have a two bread sandwich, I cut it diagonally. Usually these are cooked sandwiches that are almost impossible to cook in a folded state. This then raises the question, does anyone fold their sandwich diagonally? I shall try it sometime, and see if it affects my sandwich in any way.

In the end, it doesn't really matter. I enjoy a sandwich regardless of its folding, as long as it is folded. After all, it is just a sandwich.

And into November

Well, Halloween is over. I was a musketeer this year.

November looks to be an interesting month. I'll be traveling to a conference over my birthday. My wife starts her new job. Rise of Kunark comes out for Everquest 2. It's just a jam packed month! If I can get away with it, I might not celebrate Thanksgiving just to keep myself sane (although, I might still do the day after Thanksgiving shopping, yeah, I'm crazy like that). I'll be taking off this Friday just to get things done that I have not had the time to get done (like getting a new driver's license, changing my voter registration, boring stuff like that).

On a completely unrelated note, the blinker on my car broke. More accurately, the lever snapped off. The lever is dangling by a wire. The wire is meant to control my non-functional cruise control. When it broke I couldn't inspect it very well since it was dark out and the interior lights don't work. There is also that weird squeal from under the hood, I think it's a slipping belt. The rattle is nothing serious though, I know that's just the dashboard that's kinda loose. I would get these things fixed, but I think the cost of getting them fixed would be more than the value of the car. Not sure what they call cars like this in my new state... We used to call them the non-PC term of 'rez runner'.

Friday, October 26, 2007

An it harm none, do what ye will - Hacking

I don't tend to hack anymore. Not only is it dangerous, but it is also often times harmful.

I've never been a fan of any black hat hacking. Destroying stuff just because you can isn't cool. It's destructive. What are black hats trying to prove? Superiority? Intelligence? Well, it fails. It takes a lot of skill and talent to create something beautiful, but it doesn't take much creativity or talent to take a crowbar to it and destroy it.

White hat hackers are almost as bad as black hats. They do it out of some form of purifying. They hack to 'teach a lesson' to someone, who they judge as being deserving. They believe their actions, legal or illegal, are justified because they are on the side of 'right'. Do the ends justify the means? What about those that get caught in the middle, the collateral damage?

Brown hats are the ones that just can't pick a side. Are they the bad guys or the good guys? What do they hack for? Sometimes they break stuff because it's fun, sometimes they break something because the other person was 'a bad guy'. True Neutral? I doubt it. They are motivated by the same thing as most hackers, the desire to prove something, even if it's only to themselves.

That being said... there are reasons to hack. Today I hacked. I contemplated the hack. Would it even be considered a hack? I am pulling some files off of a server that I was not intended to have copies of, I am tweaking a little script to run outside of its home... I am doing something with all of these that the owner did not intend. It required knowledge of code. It required knowledge of scripts. It required knowledge of servers. Was it 'Hacking the Gibson'? Oh heck no. This was a little thing. Minor. Small fry. It's a hack that many non-hackers could do. I often times wouldn't even refer to it as a hack.

So if I don't like the reasons most people hack, why did I just do a hack? Oh, simple really: it harmed none. Not only that, but I think it will be good for some. If I could have gotten a hold of the fellow that owned these files, I am pretty sure he would have gladly given me permission to do exactly what I did. His creative work will be shown to a group of people who really deserve to see it. They will likely love it, and it will probably make some of them cry with happiness and sadness both.

So for an event at a VFW that doesn't have an internet connection for their presentation: Here it is, comin at you Lo Tek style!

Monday, October 1, 2007

Digital Democracy

New Zealand has taken a new angle on democracy. Their current legislation is over 50 years old, and just can't keep up with the changing world anymore. It's been in need of a serious overhaul for many years.

So they built a wiki site, and are letting citizens help edit the new laws. At first this may seem a little shocking, but it makes sense. Who all will have a voice in the creation of these laws? Lawyers, taxi drivers, police, jaywalkers, criminals, and most importantly: law abiding citizens. They will ALL have a voice in how the law is written. They won't be just voting for someone that will hopefully have the needs of the people in mind.

Personally I think this is a GREAT thing. The universe may move towards entropy, but society moves toward stability. Humans want to live in safe places, and have laws that keep them safe while not being overly restrictive. But it has previously been impossible to ask EVERYONE for their input on EVERY topic. Allowing everyone to edit the bills that will become laws means that everyone CAN have a say, if they want to.

Of course there are downfalls to such a system. Most notably in my mind is the 'vocal minority' issue. If there is an issue that only a very small group of people actually care about, they can do some rather serious changes because no one else really thinks it's enough of an issue to vote (or edit) against. If the majority of the population is apathetic about a decision and abstain, then the vocal minority can still get the laws changed. Of course, it could also be said that politicians in other forms of democracy are the vocal minority, so perhaps this isn't as big of a problem as I think.

I think it's a very cool idea. I think it has the potential to work out quite well. I applaud New Zealand for being the brave people to take on being the test case for this. I do hope it works; it could make democracy fairer, more honest, and more tailored to the REAL needs of the people. Now it's just time to sit back and see what kinks NZ happens to dig up...

(Inspired by another blog post I read by someone else. I forgot to bookmark it though... but if I find it again I'll include a link here so that you can read their opinions on the idea too)

Thursday, September 27, 2007

Humanity versus Security - Part 2: MFA

This is the second installment in a multi-part string of articles discussing how security affects the 'human' aspect of computing. Security is a very important issue in computing in this day and age. This is especially true on systems in which personal data about customers will be stored or handled.

As such, we try hard to increase the security of our systems, making it more difficult for hackers or other unsavory people to acquire information they don't have a right to read. Sometimes however, making systems more secure and less simple for users makes systems less secure in the long run.

Multi Factor Authentication

Most everyone is used to the standard form of authentication in the digital world, a password. It turns out though, that there are multiple ways to authenticate someone. There are three very clear types of authentication:
Something you know - Such as a password or PIN (often times referred to as Out of Wallet)
Something you have - A physical object (such as your ATM card or RFID badge)
Something you are - Something about the actual user (such as fingerprint, retinal scan)

Simply put, Multi Factor Authentication is using more than one of these to ensure that someone is really who they say they are. In order to be MFA, they must be authenticated by at least two categories of authentication. Authenticating twice from the same category is NOT MFA.

In 2005 the USA Federal Government mandated that all financial institutions must use MFA to reduce identity theft and increase the safety of members/customers while on the internet. This was in place outside the internet without anyone really noticing (such as your ATM card and PIN). They also require all financial institutions to use encryption.

The problem

There is the issue that it is not easy to implement MFA. It is a regulation that is not possible at this point in time. The government has mandated a form of security that is not practical to implement. And more importantly, it is not something that most people want to deal with.

The simplest form of "something you know" is a password. This can be in the form of a PIN, password, mother's maiden name, or complicated pass phrase. This is supposed to be something that is secure, and something other people would not guess. It should be "Out of Wallet", meaning that it is not something that could be guessed if someone were to compromise your wallet. But identity thieves are a tricky group. They can likely figure out what your mother's maiden name is easily using the internet, or perhaps observe you typing your PIN while at the ATM. Not only that, but the system is depending on the user picking a good secure password.

"Something you have" is harder to implement. In the physical world these can be security badges, ID's, RFID's, and cards with magnetic strips (such as Credit Cards). On the internet it is not so easy; in fact it is downright hard. Currently for high security systems (such as VPN's for large corporations or government) the users are given devices. Sometimes these devices are USB dongles, or smart cards. My personal favorite is the device that generates pseudo-random numbers. It will generate a number (as will the server, using the same time synced algorithm), which the user will enter in. Mostly I just like that one because it feels very James Bond. Of course, it's not practical to give every customer/member one of these devices. This form of authentication is not useful for the mainstream audience over the internet.
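The time-synced number generator described above can be illustrated with TOTP (RFC 6238), a publicly specified algorithm of this kind. This is an added example, not code from the original post, and the post does not say which algorithm its device uses; the shared secret, 30-second step, drift window and function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed time step; device and server must agree on it
DIGITS = 6         # assumed code length shown on the device


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time code (RFC 4226) for a single counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def token_display(secret: bytes, now: float, digits: int = DIGITS) -> str:
    """What the device shows: the code for the current time step."""
    return hotp(secret, int(now) // STEP_SECONDS, digits)


def server_verify(secret: bytes, submitted: str, now: float,
                  last_used_counter: int = -1, drift_steps: int = 1,
                  digits: int = DIGITS):
    """Server side: recompute the codes for nearby time steps and compare.

    Returns the matched time-step counter, or None on failure. The caller
    stores the returned counter and passes it back as last_used_counter so
    that a code observed once cannot be replayed inside the drift window.
    """
    current = int(now) // STEP_SECONDS
    first = max(0, current - drift_steps)
    for counter in range(first, current + drift_steps + 1):
        if counter <= last_used_counter:
            continue  # this step (or an earlier one) was already accepted
        expected = hotp(secret, counter, digits)
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


if __name__ == "__main__":
    # Constructed sample: the published RFC test secret, not a real credential.
    shared_secret = b"12345678901234567890"
    t = 59  # seconds since the epoch, as in the RFC 6238 test vectors
    code = token_display(shared_secret, t)
    print("device shows:", code)
    matched = server_verify(shared_secret, code, t + 20)  # clock skew of 20 s
    print("server accepts at step:", matched)
    print("replay:", server_verify(shared_secret, code, t + 20, matched))
    print("two minutes later:", server_verify(shared_secret, code, t + 120))
```

The server never receives the secret itself, only a short-lived code derived from it, which is why possession of the device counts as a separate factor from a password.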

"Something you are" is indeed even harder. Usually this is employed using biometrics. The most common of which is the fingerprint. It turns out however that fingerprint readers are easy to fool (and the methods to fool them are well publicized by Mythbusters). Voice recognition is not effective since it is a simple matter to record. Retina scanners are bulky and expensive. It is almost impossible to use this authentication over the internet. Not only that, but if biometrics are compromised, they are compromised forever (you can't simply change your fingerprint as you can with a password). The best option is to give a device to users that scans their fingerprint. This of course can't be given out to all the members of a financial institution.

So what do the banks and credit unions do? They require a password, your mother's maiden name, ask you what your first dog's name was, and a bunch of other questions. Is that MFA? No, it is not. Have I ever seen a true large scale MFA solution? No, I have not. MFA is effective in small scales only.

The biggest part of the problem though is that it is flat out annoying to have to jump through hoops to authenticate yourself. We all don't want the big bad wolf stealing our stuff, but we also don't want to be living in fear, or have to spend twice as much time just getting to our financial records. Why don't you frisk us when we walk into the nearest branch of our bank/CU while you are at it?

The Solution

Give up. No seriously, I mean it. MFA is not possible with our current technology. There are too many combinations of proprietary hardware out there to come out with a standard option (does that USB dongle work on mac/linux/windows/iPhone/Blackberry/Wii?). We do not have the technology out there for everyone to be scanning, encrypting, and transmitting their fingerprints to the servers for authentication. Devices get lost, fingerprints lifted.

When possible we should encourage small scale groups to use MFA, especially if they have access to other people's info. However it is not practical to use MFA for every single user. Not only is it impractical, it's impossible. We should not be pushing regulations that are impossible to enforce. We should of course try to research how, and implement MFA in the future, but we also need to recognize that what we use in most cases now is not MFA.

Most importantly, users should be encouraged to choose good passwords that are truly secure. Don't write your PIN on your ATM card. Don't tell everyone your password. Protect it.

Thursday, September 13, 2007

Genius Plan (aka: fun with links)

So here's the plan. I need to steal a robot, and I need to kidnap a rocket scientist.

Using these two tools, we shall send a robot to the moon. And it shall move around 500 meters, and it shall take pictures of things. Maybe it will even snap some pictures of some old NASA junk that was left behind. We will collect our $30 million prize from Google for being the first privately funded operation to get to the moon with a robot.

Of course we'll give some money to OLC (who is likely who we would steal the robot from). And likely give a bit to Ted thanking him for his assistance (we will also release him from captivity if he wants, but only after he explains that equation to me again, because the last time he explained it to me I so didn't get it). Obviously some of the money will also have to go to posting bail after the kidnapping and theft.

But there should be plenty of money left over to take on our next step in the plan. We will work with Virtual Reality. We will combine full body sensor arrays, goggles, and a bit of wire-fu to create a full body 3d interactive VR experience. This will make us even more money of course.

This is just the start of the plan though! Oh it gets better! We shall reinvest that money into creating Holodecks! Of course we will license the name from Star Trek, and this corporation cooperation will be as big as iPod and Starbucks. Obviously this will completely crush the entertainment industry, which we will buy out completely. This will obviously bring in MASSIVE amounts of money.

But of course, we all know money can buy anything, even private plane landing strips on government airports. So that will let us push through new technology that will let people plug their brains directly into computers. We'll of course hook their brains up to our world wide entertainment system, along with lots of other software. We'll need a catchy name for it, something like Matrix or Web, but maybe not something that's taken yet (I kinda like the sound of Grid).

Ah, but here is where it gets REALLY tasty. These humans that we jack into the Grid, they have all this unused brain, all that useless computational power! So we will use their brains to run our distributed computing system (much like SETI@home). With that computational power we will find extra terrestrial life. And we will lure them here with tentacle porn. Once they are here, we will beat them up with Cheetos. We will then steal their space ship, and fly around the universe having a fun time.

Ah yes. It's a perfect plan.

Tuesday, September 11, 2007

Am I the demise or the future of humanity?

In the not so distant future we will all have RFID chips implanted in us. They will be used in place of credit cards and ID. They will let hospitals know all about our previous medical history when we walk in the door. They will be an electronic key for all sorts of things.

In the past we have replaced joints and various other body parts with synthetic materials, but only if they are defective. In the future we will be able to have elective surgery to replace our parts and pieces with more reliable lower maintenance higher performance synthetic parts.

Our brains will be plugged into the internet, with little video screens behind our eyes. We will have data storage in our brains so that we can record things and remember them better.

We will become synthetic, bionic, electronic. And I'm all for it!

Hook me up. Let me listen to my mp3 collection without having to carry an iPod and headphones. I would love to check the internet to see what movies are playing, and please give me directions of how to get there using my built in GPS device, because I'm lost again. What was that person's name again? Oh I see in my digital Rolodex in my brain who they are. You want me to rearrange the furniture again dear? No problem, with these new joints and muscles I can move our couch with ease.

No, I'm serious. I do want that. Yes, I want to put circuits in my brain. Yes, I'm okay with having an RFID chip in my hand that I can use to buy stuff. I would love a built in GPS device.

But they tell me companies could track my spending habits. So, you mean Best Buy could track what sort of purchases I make, so that they can more accurately offer me the goods and services that I am likely to want? They already do that with my Best Buy club card, and my Safeway card, and my Fred Meyers card, and my Borders card, and my Hollywood Video card, and my Mr. Movies card, and my Lovers card, and my AAA card, and my... well you get the idea. And of course on the internet every site has its own login and tracking (Amazon, Newegg, etc). And honestly, is it such a bad thing if they can track what I buy? I'm not ashamed of anything I buy. Sure, I don't want a lot of the things I buy to be known publicly, but why would they be?

This is the future we are going towards. Do I embrace it? Yes. Does it diminish humanity? Yes, no, maybe. So are people like me the sort that are going to be the future of humanity or the demise of humanity? I dunno. Hook me up and let's find out.

Wednesday, September 5, 2007

Humanity versus Security - Part 1: Passwords

This is the first installment in a multi-part string of articles discussing how security affects the ‘human’ aspect of computing. Security is a very important issue in computing in this day and age. This is especially true on systems in which personal data about customers will be stored or handled.

As such, we try hard to increase the security of our systems, making it more difficult for hackers or other unsavory people to acquire information they don't have a right to read. Sometimes however, making systems more secure and less simple for users makes systems less secure in the long run.

Password Complexity

One of the primary methods of securing systems is by using passwords. In a typical work day, I use four different passwords; however I have at least fifteen login/password keys associated with work. This of course isn't taking into consideration all of the personal login/passwords I have (personal e-mail, MMO logins, websites, forums, etc).

Many systems have different password requirements, such as: all lowercase, all uppercase, mixed case required, no digits allowed, digits required, must be under 8 characters, must be over 9 characters, and many other weird requirements. Some of them track the last few passwords you used and don't allow you to reuse them. Some systems are even so complicated that they require multiple passwords to get to successively deeper parts of the system, and the passwords are not allowed to be the same (there are even rumors of some systems that use heuristics to ensure they aren't similar).

We are told that it is wise not to reuse your passwords too much: if one password is compromised, then all of them are. For example, if you used the same password for your online banking as a forum, and the forum is compromised, now your bank account is at risk.
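The requirements listed above can be checked against each other mechanically. The following Python sketch is an added example, not part of the original post; the policy names, the three-state rule model and the 64-character ceiling are assumptions made for illustration. It reports which pairs of rules can never be met by one password, and the fewest distinct passwords needed even by a user willing to reuse one wherever the rules allow.

```python
from dataclasses import dataclass
from itertools import combinations, product

@dataclass(frozen=True)
class Policy:
    name: str
    min_len: int = 1
    max_len: int = 64      # assumed ceiling for systems that state no maximum
    lower: str = "any"     # each character class: "any", "required" or "forbidden"
    upper: str = "any"
    digit: str = "any"

POLICIES = [  # constructed, one per requirement listed in the post
    Policy("all-lowercase", lower="required", upper="forbidden"),
    Policy("all-uppercase", lower="forbidden", upper="required"),
    Policy("mixed-case", lower="required", upper="required"),
    Policy("no-digits", digit="forbidden"),
    Policy("digits-required", digit="required"),
    Policy("under-8", max_len=7),
    Policy("over-9", min_len=10),
]

def merge(policies):
    """Return one Policy equivalent to all of them combined, or None if they conflict."""
    rules = {}
    for cls in ("lower", "upper", "digit"):
        wanted = {getattr(p, cls) for p in policies} - {"any"}
        if len(wanted) > 1:            # one system requires what another forbids
            return None
        rules[cls] = wanted.pop() if wanted else "any"
    lo, hi = max(p.min_len for p in policies), min(p.max_len for p in policies)
    if max(lo, sum(v == "required" for v in rules.values())) > hi:
        return None                    # no length fits every system
    return Policy("+".join(p.name for p in policies), lo, hi, **rules)

def conflicts(policies):
    """List every pair of systems that can never accept the same password."""
    return [(a.name, b.name) for a, b in combinations(policies, 2) if not merge([a, b])]

def fewest_passwords(policies):
    """Brute-force the smallest split into groups whose members could share one password."""
    for k in range(1, len(policies) + 1):
        for labels in product(range(k), repeat=len(policies)):
            groups = [[p for p, g in zip(policies, labels) if g == j] for j in range(k)]
            if all(g and merge(g) for g in groups):
                return groups

if __name__ == "__main__":
    print(conflicts(POLICIES), [merge(g).name for g in fewest_passwords(POLICIES)], sep="\n")
```

The search is exhaustive, so it suits a handful of policies; for the seven rules here it finds five conflicting pairs and a floor of three passwords before rotation or history rules are considered.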

Of course, forgetting a password makes the user feel stupid. Some systems are quite nasty if you forget your password. Some IT help desks are polite and understanding, but those are a rare thing.

The Problem

The problem with this entire password idea is that humans simply can't remember 15 passwords. So what do users do? They write them down. We carry around little black books filled with passwords, have post-it notes all over our cubicles, and text files on our desktops. If any of these are compromised, then all of the systems we are associated with are compromised, and the entire security breach is blamed on the human’s inability to manage passwords properly.

Well, that's simply not fair. Humans can’t be expected to remember that many passwords. By requiring complex passwords for absolutely everything, we in truth are reducing the security of these systems because we force the users to write their passwords down.

This problem has four distinct parts. The first part of the problem is the blame game. We blame the programmers, the IT, and the software if there is a security breach. This is what forces the programmers to come up with convoluted systems to shift the blame onto the users.

The second part of the problem is the policy creators. Legislators, compliance officers, and managers demand systems to be secure. They demand these things without realizing what goes into actually making a system secure.

The third part of the problem is the programmers and IT themselves. They are required to make a system secure, and do so without consideration of the humans that are using the system.

The fourth part is the users themselves. They refuse to learn to manage their passwords appropriately and securely.

The Solution

There is no one single solution to the problem of password complexity; if there were, every system would use it. However, communication between all involved parties will allow a solution to form that is beneficial to the system, without being a problem for the users. We need to realize that making the password systems more complex in truth makes our systems less secure.

First off, we need to stop pointing fingers about whose fault it is, and instead try and figure out how to make systems secure without making it difficult for the humans that need to use them.

This would help reduce the making of pointless rules about security, and instead hunt for solutions. We need to trust our users a little bit more and give them a little bit of slack. It would also be helpful to explore new technologies such as RFID tags and biometric scanners.

There are also devices that can store our passwords for us and use fingerprints or a password to unlock. These devices should be encouraged instead of discouraged. They enable users to write down their passwords but still keep them secure, and allow a user to only need to remember one. However, it should be researched which

Most importantly though, everyone involved needs to realize it’s a problem. If fingers continue to be pointed and blame shifted, no one will want to take responsibility and try and repair the situation for fear of being reprimanded when the system breaks. Users and policy makers need to educate themselves about security. First and foremost the programmers and IT need to help educate everyone, and study methods to increase security without removing the human feel.

Tuesday, September 4, 2007

Cold Water

Why is water cold?

No, seriously, why is it cold? When you get water out of a water fountain, or a water cooler, or at the tap, or at a restaurant, what temperature is it? Cold.

Do people actually PREFER cold water to drink? I asked around. Some people said they do, and that it is more refreshing that way. But has anyone actually done a study on the drinking of cold/hot/room temp water? Or is it just that we all think "Oooh, ice, yeah gimme some of that."

And that's another thing. Ice. Why do we use ice? Sometimes the ice kinda gets stuck, and makes a mini-dam that prevents the flow of the water, and then all of a sudden the dam gives way and it splashes water. Well it's not a big deal for most people. Sure, their upper lip got a little wet, but most of the water just goes right back into the glass.

But you know what? I have a mustache. It gets my mustache all wet. I hate it. And if I try and curl my lip out of the way so my mustache doesn't get all wet, then the ice clanks against my teeth. And I don't even like the water being cold in the first place! I prefer it to be around room temperature. So I have to put up with my water being cold, plus the ice abusing my mustache and teeth!

Have you ever seen a sober man drink out of a glass with ice happily? No! He'll ask for a straw if he can!

All of this because the water that came out of the office water cooler is too cold for my personal tastes. I think by the time I post this it will have sat in my sippy cup long enough to warm up.

Wednesday, August 29, 2007

Legacy System Programming: Bear Skins and Stone Knives

When I was growing up I learned BASIC. It was the first language I ever learned! I was writing on an 8088, a fantastic little computer that was older than I was. The first program I remember writing was a BASIC program that played Homeward Bound and Mellow Yellow out of the PC Speaker.

Since then I went on to college. I learned all about programming. I learned Java, C++, LISP, and a ton of others. I also taught myself C# and .Net. I also studied a lot about Object Oriented Programming. I learned all about the software life cycle. I was taught software development techniques, such as the Waterfall Model. I even taught myself a little bit about Agile Programming techniques.

Then I got a job. I now write code for a mainframe server that is running programs written in PL/1. Ever hear of PL/1? Yeah most people haven't. The system has an embedded scripting language, similar to BASIC. As such, I often times must deal with code that is more than a little archaic.

Some of this code I'm dealing with is older than me. It's built to system constraints that no longer exist. The code isn't commented, because at the time it was written space was too precious for comments. It's been patched and modified and patched again, for probably longer than I've been alive.

As such, it is my job to take this archaic software, and make it do things that the current era of computer users expect software to do. I teach that old dog new tricks.

My tools? A bear skin and a stone knife. That's what it feels like I have to work with. I'm expected to build things that can compete in today's industry with tools that are the stone tools of the computer age.

I always said I liked a challenge.

To blog or not to blog

I have been contemplating doing a blog for a long time now. Somewhere in the range of a few years. But, why haven't I?

Well, a big reason I haven't is because I have too much to say. Do I talk about life? Do I talk about video games? Do I talk about school? Do I talk about work? Just so many topics! How can I choose just one? Sure, I could have a blog that talks about EVERYTHING, but wouldn't that just be a cluttered mess?

Well, I decided to go ahead with the cluttered mess anyways. Perhaps with time the blog will mature, and take on particular topics. Or perhaps I'll spin it off into a few different blogs, each with their own topic.

But until then, here it is. For the moment I have no planned format. No typical length. Nothing. This is purely an experiment for my ability to do this. Do I care if anyone reads this? Nah. I'm just writing this because sometimes I just have things I want to say.