A Petty Blog

8. January 2011

VMware Cloud Jumper

Filed under: Technical, From the Web — Darin @ 00:00

This is an interesting marketing technique.

“Join the growing elite of IT leaders known as ‘Cloud Jumpers’ who have taken the leap and begun their journey to Cloud Computing. ”

It’s a short but respectable game from my very own VMware.  Give it a try.

cloud-jumper.PNG

6. January 2011

Tying up loose ends

Filed under: From the Web — Darin @ 21:01

Make sure you have some time before you start Loops of Zen

Just rotate the shapes until there are no loose ends.  A little graph theory goes a long way.

It starts like this:

easy-loops.PNG

and continues thus (if you’re good or stubborn):

hard-loops.PNG

Looks like it saves your progress so you can continue where you left off.

Go on.  Try it.

2. January 2011

Year End Link Clearance - Password Edition

Filed under: Security, Technical — Darin @ 10:47

I’m not good at letting go.  If I were doing this right,  I’d just list the links and be done with it.  But no, I have to blather about each one, because I found each of these interesting and worth saving to comment on for some reason.

Light Blue Touchpaper is a fairly technical blog focusing on security (“Security Research, Computer Laboratory, University of Cambridge”).  A certain subset of my readers will find the archives interesting.  Their recent series on passwords forms the backbone of this post.

Bottom line: many websites store passwords.  Most are doing it wrong.

…but we believe ours was the first large study into how Internet sites actually implement them. We studied 150 sites, including the most visited overall sites plus a random sample of mid-level sites. We signed up for free accounts with each site, and using a mixture of scripting and patience, captured all visible aspects of password deployment, from enrolment and login to reset and attacks.

They link to this paper exploring the economic reasons why users may be wise to ignore security advice.  (It probably says something about you if you find it as interesting as I did.)

Exploring the factors which lead to better security confirms the basic tenets of security economics: sites with more at stake tend to do better. However, doing better isn’t enough. Given users’ well-documented tendency to re-use passwords, the varying levels of security may represent a serious market failure which is undermining the security of password-based authentication.

Even the big boys often get it wrong.  The greatest sinner I’ve seen is (or perhaps was) Charles Schwab.  Due to an unhappy serendipity, I discovered that my password was not only inexcusably short, but also case insensitive.  If my calculations are correct, this reduces the size of the password space by a factor of 67,108,864.  I also wonder about Fidelity.  When I call them, they want me to key in my “pin” on the phone.  This is supposed to be the same as the “password” I use online.  If that really works, then my complex online password is mapped to a much simpler one on the phone.  If not, then they expect me to use a numeric password online.  Both cases are security flaws.
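The two failure modes above, a site that ignores letter case and a numeric phone “pin” standing in for an online password, both come down to how many candidate passwords an attacker actually has to try. The example below is added here and is not code from the post or from either company it mentions; the alphabet sizes, the fixed salt in the demo, and the sample password are constructed for illustration. It computes, for a given password, how many case variants a case-folding site collapses onto one stored value (two per alphabetic character, so the exact factor depends on the password’s length and letter count rather than being a single constant), compares keyspace sizes for mixed-case, case-folded and numeric alphabets, and contrasts a verifier that lowercases before hashing with one that keeps the case and stores a salted, iterated hash.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added example (not from the blog post or any site it names): how
# case-insensitive password handling shrinks the search space, and how a
# verifier that keeps case and stores a salted, iterated hash avoids it.


def case_fold_reduction_factor(password: str) -> int:
    """Number of distinct case variants that collapse onto one stored
    value when letter case is ignored: a factor of 2 per alphabetic
    character, so the loss depends on the password, not on a constant."""
    letters = sum(1 for ch in password if ch.isalpha())
    return 2 ** letters


def keyspace_size(length: int, alphabet_size: int) -> int:
    """Number of passwords of the given length over an alphabet of the
    given size (62 for mixed-case alphanumerics, 36 once case is folded,
    10 for a purely numeric phone PIN)."""
    return alphabet_size ** length


def make_record(password: str, fold_case: bool = False,
                salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store a password as (salt, PBKDF2-HMAC-SHA256 digest).
    fold_case=True reproduces the flawed behaviour the post describes:
    the password is lowercased before hashing, so "Secret1", "SECRET1"
    and "sEcReT1" all map to the same digest."""
    if salt is None:
        salt = os.urandom(16)  # per-user random salt in the correct design
    material = password.lower() if fold_case else password
    digest = hashlib.pbkdf2_hmac("sha256", material.encode("utf-8"),
                                 salt, 100_000)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes,
           fold_case: bool = False) -> bool:
    """Recompute the digest for the candidate and compare in constant
    time. The verifier must apply the same folding rule as make_record."""
    _, candidate = make_record(password, fold_case, salt)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    pw = "Pa55word!"  # constructed sample, not a real credential
    print("case variants collapsed by folding:", case_fold_reduction_factor(pw))
    print("8-char mixed-case alphanumeric space:", keyspace_size(8, 62))
    print("8-char case-folded alphanumeric space:", keyspace_size(8, 36))
    print("4-digit numeric PIN space:", keyspace_size(4, 10))
    salt, d_exact = make_record(pw)
    _, d_folded = make_record(pw, fold_case=True, salt=salt)
    print("exact verifier accepts wrong case:",
          verify(pw.upper(), salt, d_exact))
    print("folded verifier accepts wrong case:",
          verify(pw.upper(), salt, d_folded, fold_case=True))
```

Run it as a script to see the numbers side by side; the point of the two verifiers is that the folding one is not “lenient” in a harmless way, it permanently discards a bit of the user’s secret per letter before the hash is ever computed, and no amount of salting or iteration afterwards gets those bits back.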

It’s long been said in the security community that password re-use is dangerous because it enables attackers to compromise an account at a low-security site and gain access to a higher-security one. This is increasingly true as most websites today use email addresses as identifiers (87% in our study), meaning an email/password combination can unlock many online accounts. The RockYou hacker indicated that 10% of the email/password combinations registered at RockYou were also PayPal accounts (external compromise isn’t the only threat here: a malicious insider could certainly try to profit from a database at sites like this).

News websites may have very little to lose through poor password security, but they can undermine the efforts made by other sites.

“Gawker” was recently hacked, and their user/password database was used to hack into millions of accounts on other sites such as twitter.  Light Blue Touchpaper and CodingHorror both have good analyses.

For security purposes, it would be better to use some kind of central identity protocol (an Internet Driver’s License).

Currently, the trendiest proposed solution is to use federated identity protocols to greatly reduce the number of websites which must collect passwords (as we’ve argued would be a very positive step). Much focus has been given to OpenID, yet it is still struggling to gain widespread adoption.

Unfortunately, security is not the primary goal for many sites. (my emphasis)

Why do small websites, particularly news websites, still collect their own passwords instead of relying on a federated identity provider? Considering newspaper websites as the prime example of password deployments with questionable utility, we found that they were significantly more likely than other websites to collect marketing data at the time of password collection. They also nearly universally, with only a single exception, insist on verifying the validity of a user’s email address as a pre-requisite for an account (this was equally true at sites which also require CAPTCHAs, so we don’t think false account prevention is the primary reason). At this point, users may be trained to accept the idea of inputting personal data along with a password. A password input field may serve as a ceremonial cue that entering personal data into a form is safe (verifying this with behavioural experiments is an important future research question).

Thus, collecting passwords provides cover for collecting personal data, which provides tangible benefits to a site operator. The costs of password collection, however, aren’t primarily borne by the server. As discussed Wednesday, the costs of insecurity are largely borne by higher-security websites. The usability costs, in contrast, are borne by users themselves.

OpenID may be being held back by market forces. For users, removing the requirement of registering personal information with the site is an advantage, but for many websites, removing the ability to collect personal data eliminates a major justification for deploying passwords at all.

Sometimes, the programmers are not at fault.  Management or Marketing is.  They insist that information be collected for all users, and don’t seem to care that 80% of their users are named “Barney Rubble.” (That comes from a blog entry I cannot find - fill me in if you know who wrote it first.) This requirement comes at a cost.  If you require registration to participate on your site, users will leave.  If you require personal information, users will leave or lie.

I have an example.  I like to listen to MP3 books in my 2008 RAV4.  I have found that the CD player cuts off the last couple seconds of each track.  Some audio books have track breaks every minute for my convenience - and these are unusable in the car.  I spent way too long searching online for a solution, and found exactly one match at edmunds.com:

The OEM MP3 player on my 2008 Toyota RAV4 cuts off the last few seconds of each MP3 file. I have started burning MP3 files onto CDs to play on the CD/MP3 player in my 2008 RAV4 Limited (JBL sound system).

The last few seconds of every MP3 file are cut off abruptly, although when I use the CD on my computer the files are fine, so the problem is not with the CD.

I cannot find anything about this issue in the Owner’s Manual or on the internet, and nobody at the Toyota dealership knows anything about this. Does anyone know why this is happening and how I can correct it?

It’s an exact match, so I thought I’d add a “me too” comment with some additional information.  Edmunds requires me to create a registration.  I don’t want an account on edmunds.com, so I just left.  Not worth the trouble, no thanks edmunds.

If you happen to have a solution, or a way to add 2 seconds of padding to an MP3/WMA file, please comment.

1. January 2011

Head vs. Gut

Filed under: Psychology, Humor — Darin @ 13:37

A ball and bat together cost $1.10.  The bat costs $1.00 more than the ball.

How much does the ball cost?

baseball.png


30. December 2010

Nuts and Flakes: The Economic Argument

Filed under: Humor, Opinion — Darin @ 10:50

This is a silly presentation (often the best kind), but he’s absolutely right - for any “it”, if it worked, somebody would be making money with it (and not just by selling plans on the internet.)

The Economic Argument

21. December 2010

Nerd comics, with a slight holiday theme

Filed under: From the Web, Humor — Darin @ 20:08

Happy day!  This FoxTrot strip, added to some others I have bookmarked, makes a small collection worthy of a small post.  Some are Christmasy and geeky and some are just geeky.

foxtrot.jpg

Next up is a guest post on xkcd by FoxTrot’s Bill Amend.

(Hover over the xkcd strips for additional comments - “Guest comic by Bill Amend of FoxTrot, an inspiration to all us nerdy-physics-majors-turned-cartoonists, of which there are an oddly large number.”)


Ok.  That was mostly just geeky, but it’s a great segue to these.

Not only is that terrible in general, but you just KNOW Billy's going to open the root present first, and then everyone will have to wait while the heap is rebuilt.

This one mentions Santa:

This is a fun explanation to prepare your kids for; it's common and totally wrong. Good lines include 'why does the air have to travel on both sides at the same time?' and 'I saw the Wright brothers plane and those wings were curved the same on the top and bottom!'

This one is just funny (since my dad has a GPS…)

Yes, I understand that the turn is half a mile past the big field, but my GPS knows that, too.  This would be easier if you weren't about to ask me to repeat it all back to you.

And finally, for my son, who always wants to know the difference between “geek” and “nerd”.

The definitions I grew up with were that a geek is someone unusually into something (so you could have computer geeks, baseball geeks, theater geeks, etc) and nerds are (often awkward) science, math, or computer geeks. But definitions vary.

17. December 2010

Drums Not Bad

Filed under: From the Web, Humor — Darin @ 20:35

An anthropologist went to study a far-flung tropical island.  He found a guide with a canoe to take him upriver to the remote site where he would make his observations.  About noon on the second day of travel up the river they began to hear drums. The anthropologist asked his guide, “What are those drums?”

The guide turned to him and said, “Drums okay, but VERY BAD when they stop.”

As they traveled the drums grew louder and louder.  The anthropologist was nervous, but the guide merely repeated, “Drums okay. Drums not bad.  When drums stop, then very bad!”

Then the drums suddenly stopped.  Terrified, the anthropologist yelled to the guide: “The drums stopped!  What now?”

The guide crouched down, covered his head with his hands and said, “Guitar solo.”

via Mikey’s Funnies

3. December 2010

Close the Washington Monument

Filed under: Opinion — Darin @ 21:56

Bruce Schneier is an “internationally renowned security technologist and author.”  I started reading him because of his work in cryptography and computer security, but he also has a lot to say about security in general, and about airport security and the TSA in specific.  He may have coined the term “security theater.”

This recent piece is really thought provoking.  I agree 100% about the toll terrorism is causing us to inflict on ourselves and the complicity of our leaders.

Schneier on Security: Close the Washington Monument
Securing the Washington Monument from terrorism has turned out to be a surprisingly difficult job. The concrete fence around the building protects it from attacking vehicles, but there’s no visually appealing way to house the airport-level security mechanisms the National Park Service has decided are a must for visitors. It is considering several options, but I think we should close the monument entirely. Let it stand, empty and inaccessible, as a monument to our fears.

An empty Washington Monument would serve as a constant reminder to those on Capitol Hill that they are afraid of the terrorists and what they could do. They’re afraid that by speaking honestly about the impossibility of attaining absolute security or the inevitability of terrorism — or that some American ideals are worth maintaining even in the face of adversity — they will be branded as “soft on terror.” And they’re afraid that Americans would vote them out of office if another attack occurred. Perhaps they’re right, but what has happened to leaders who aren’t afraid? What has happened to “the only thing we have to fear is fear itself”?

An empty Washington Monument would symbolize our lawmakers’ inability to take that kind of stand — and their inability to truly lead.

<there’s more>

Go read the whole article.  Then fish around for some other interesting articles in his archives.

tsa.jpg

2. December 2010

Information Overload

Filed under: Psychology, Opinion — Darin @ 18:24

Another good post from Seth Godin: The inevitable decline due to clutter.

Seth’s posts are often so short that it’s difficult to extract a snippet or teaser without grabbing the whole thing, but here goes:

Once you overload the user, you train them not to pay attention. More clutter isn’t free. In fact, more clutter is a permanent shift, a desensitization to all the information, not just the last bit.

I think he makes a great point.  The more junk information we are forced to endure, the better we have to be at fending it off.  It’s not worth wading through the um, trough, to find the occasional gem any more.

Here’s my amusing and illustrative anecdote:

Last summer, my church was going to have a picnic.  I knew the details were supposed to be in the bulletin one Sunday, but I couldn’t find it.  I looked through the whole thing multiple times.

After the service, I took it up to the pastor and asked why there was no announcement.  He gently pointed out that 1/3 of the second page was a full color announcement with all the details. You see, I don’t see advertising any more.  I subconsciously filter it out.  I have learned that Full Color bits in a black and white medium == advertisement, and advertisements are to be filtered out.

tregonsee.jpg

There is an old (1950s) sci-fi series I’ve always enjoyed for the illustrations it gives me - The Lensmen, by E.E. Doc Smith.  One of the human characters (Kimball Kinnison?) has a device that allows him to communicate with his partner (Tregonsee?), who is of a race of blind but telepathic and clairvoyant aliens (Rigellians?).  As they are driving through an alien city, in a car with no windows, he is able to see his surroundings because of his telepathic link — except for some mysterious dark ovoids.  It turns out that these are the clairvoyant alien equivalent of our highway billboards — and they are simply filtered out by the experienced clairvoyant.

How do you see advertising?


28. November 2010

The reasons Pop doesn’t buy gold (Video!)

Filed under: From the Web — Darin @ 16:37

Whether you love gold as an investment or an inflation hedge or not, here’s a hilarious (to some of us anyway) video about buying gold.
My favorite line: “You will have a cube of pretty metal that’s really big.”

Hat tip to Pop Economics: The reasons I don’t buy gold (Video!)

