Thursday, October 20, 2005

The First REAL Projector?

Finally. A projector that does things a projector should.

From the website: "As the world’s first automatic projector sporting a footprint smaller than a sheet of paper, the LT35 is bright, powerful and packed with technological innovations way ahead of its time. This little powerhouse does everything for automatically including start-up, focus, keystone correction and cool down."

I've been saying for a while that projectors are not user friendly. When a $50 camera can autofocus, you would expect that a $2000 projector would also. Unfortunately, we have become brainwashed consumers and buy buy buy anyway, without regard to quality requirements like this. Hopefully it will also scan all inputs simultaneously. There's no excuse for taking 20 seconds to acquire a signal.

Wednesday, October 19, 2005

What are you reading?

Okay, me first.

Joel on Software
Originally a weblog only, Joel Spolsky writes about the various challenges of software development. He talks about issues like Unicode, scheduling, project management, entrepreneurship, and the like. I don't agree with everything he says, and I wouldn't make it required reading at any organization, but there are definitely some good reads in there. I found the humor... ok. A worthwhile read.
$16.49 on

Secrets & Lies: Digital Security in a Networked World
Crypto legend Bruce Schneier's definitive Applied Cryptography is the tome for understanding crypto. But the book led people to believe that encryption solves all the world's security problems. This book clarifies that misconception. It takes a step back and explains what security really is: risk management. What, exactly, are we trying to secure, from whom, and for what purpose? Those are the quintessential questions, not "Which file extensions should we block?". It's designed to be read from beginning to end, so it's not a reference, and it takes a while to get through.

It's easy enough to read for a non-technical person, too. Biggest downside was that Schneier couldn't help but plug his company, but it doesn't interfere too much. A great read for IT folk and anyone who wants to know what computer security is really all about.
$12.21 on

What useful (non-fiction) books are you reading?

Thursday, October 13, 2005

Mousepad Attacks and How to Beat Them

It’s 8:55 AM. You sit down at your desk with your Dunkin’ Donuts Turbo Ice Latte (with Splenda, not sugar), and start checking your email. The first one reads:

Dear valued employee,

Effective immediately, all passwords must be at least 12 characters long, contain no vowels, and contain at least 5 symbol characters. We think this is more secure. All current passwords will expire at 5PM. We appreciate your continued cooperation in keeping our company a secure place to work.

Thank you,
IT Team

Riiiight … next email. You go about your normal business, writing memos you hope nobody reads, sorting all your files by color, or whatever it is people do at work during the day. Five o’clock rolls around and, suddenly, your applications close and you see a big prompt: “PLEASE CHANGE YOUR PASSWORD:”.

“So they weren’t just pulling my leg,” you think. “Oh well... what was that requirement again? FIVE symbols?” Oh, a password generation button. That makes it easy!


Oh sure, that’s easy to remember. How about a mnemonic? You heard that makes remembering passwords easier. “xenophobic Xylophones money backtick...” No, that won’t work. You’ve got it! Write it on a Post-It and stick it to the monitor! But, hmm, that doesn’t seem very safe. What if someone just walks by and reads it? You have sensitive data on this computer. Plus, that’s against corporate policy and you could get in trouble.

Aha! Write it on a Post-It, and then stick it to the bottom of your mousepad! Nobody will look there. Plus, you can discreetly check it without anyone noticing that you wrote down the password. Problem solved.

* * *

Let’s back up and look at what just happened. Somebody decided that four-digit passwords were not secure because they were too easy to guess (I claim that this is debatable, but that argument is for another time). In order to be secure, they argue, passwords must be X length and have Y characteristics. This makes them harder to break. It also makes them much harder to remember.

Security is not a technology problem. Security is a people problem.

People can’t, and shouldn’t be expected to, remember long, random passwords with symbols in them. Maybe given practice, someone could eventually remember one password. But people are expected to remember dozens of these. Ideally, one for each account that they have. Your eBay password should be different from your Bank of America password, etc. Personally, I have at least 30 online accounts that I need to keep track of, probably more that I don’t even remember. And I’m expected to remember that many different passwords?

I don’t think so.

What to do? I could have one password and use it for everything. But is that a good idea? What if someone watches me type it? What if an evil librarian reads my password as I log into and then uses it to wire money from my bank account? Clearly I don’t want the same password for everything.

I could write down all my accounts with the corresponding user names and passwords, and keep it in my wallet. This is not a bad idea. Most people are pretty careful about protecting their wallets. If your wallet is stolen, some bad guy somewhere now has your ATM card, credit card, and a whole lot of identification about you. Maybe your health insurance number is the same as your social security number. Congratulations, thief, you can now register credit cards in the victim’s name.

You can cancel your credit card, invalidate your ATM card, and get a replacement driver’s license. But what about all those passwords? You might not even remember what the accounts even are, let alone their passwords. Here’s a trick: swap the last and first letters of the password when you actually go to type it in. So if your password was really “abcdefg”, you would write down “gbcdefa” on your cheat sheet, and not tell anybody your little secret. That’s a very simple way to encrypt your passwords (as long as they don’t know how to unscramble the code).

Even with a garbled cheat sheet, though, it’s still going to be annoying to type in xX@`5m,2’p9QL{_; every time you want to log in to That’s going to take at least 20 seconds to type in unless you’re a very fluent typist. If only there were a program out there that would let you:
  1. Store all your passwords, for any system, on the computer
  2. Prevent anyone from stealing or viewing the list of passwords
  3. Save you the time of typing the passwords in

Oh yeah, one more thing... 4. I don’t want to pay anything for it.

I bet you can guess what I’m about to say next. Password Safe is a free tool from Counterpane Systems (i.e. Bruce Schneier) that does just that. It allows you to type in the user name and password for any system, and it remembers them all. You can name each account/password pair and create groups of accounts. For example, separate groups for “Personal” and “Work”.

That covers requirement 1. For requirement 2, the entire list of accounts is encrypted by one master password. This becomes the one password that you have to remember. This is a good one to scramble and put in your wallet.

For requirement 3, you simply double click on an account, and the password is placed in the computer’s clipboard. Now you can simply paste it into the password field. This allows you to securely log in without even remembering the password. You wouldn’t want a list of all the passwords exposed when someone was watching you over your shoulder.
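To make the three requirements concrete, here is a toy password safe written for this post (it is not Password Safe's own code or file format): one master password is stretched into keys, the whole grouped account list is encrypted and authenticated as a single blob, and a lookup returns exactly one password without ever displaying the list. The cipher is an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag, chosen so the example runs on the standard library alone; the sample accounts and the iteration count are constructed for the example.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this toy

# Constructed sample list, grouped the way the post suggests ("Personal", "Work").
SAMPLE = {"Personal": {"eBay": "xX@`5m,2'p9QL{_;"}, "Work": {"intranet": "correct horse"}}


def derive_keys(master: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the one master password into separate encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stream-cipher keystream."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def seal(master: str, accounts: dict) -> bytes:
    """Requirements 1 and 2: store the whole list, encrypted under the master password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master, salt)
    plaintext = json.dumps(accounts).encode()
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()  # encrypt-then-MAC
    return salt + nonce + ciphertext + tag


def open_safe(master: str, blob: bytes) -> dict:
    """Decrypt the list; a wrong master password or a tampered blob raises ValueError."""
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(master, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or corrupted safe")
    ks = keystream(enc_key, nonce, len(ciphertext))
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, ks)))


def lookup(master: str, blob: bytes, group: str, name: str) -> str:
    """Requirement 3: fetch a single password without exposing the whole list."""
    return open_safe(master, blob)[group][name]
```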

And yes, it’s free.

Here’s where to get it:

Tuesday, October 11, 2005

In the beginning...

Welcome to my mind.

This journey will take you through depths of thought and contemplation of somebody else... me. Much of what you see you may not understand or care about. And that will be too bad. Please refrain from throwing any foreign objects from the vehicle during the ride. It might give me a headache.

All sentences are to be preceded with "In my opinion,"

Some things I will not make this blog:
  1. A list of whines and complaints. I'll throw them in when I think they might be interesting to someone else, such as "Be careful buying milk from Store 24. I opened a fresh gallon to find that it was in fact primer paint."
  2. A list of links to other places without any interesting insights or comments.
  3. Politically or socially correct.
  4. "Here's an itinerary of everything I did today. And yesterday. And the day before."
If I repeat offend on any of the above, feel free to smack me. That's enough for now, I'll come back when I have something interesting to share.