A Distant Memery

Feb. 1st, 2011 02:56 pm

Let’s meme a meme.

Time?
14:06 EST
Can you fill this out without lying?
I try my best to never lie, so lying would be more difficult for me than being truthful.
What was the last thing you put in your mouth?
A homemade chicken quesadilla, followed by two 400 IU Vitamin D-3, washed down with 3 cups of Langers Berry Punch fruit juice cut 1:1 with water.
Have you ever kissed anyone named Scott?
Not that I recall.
Where was your profile picture taken?
On Rock Harbor Road going through the salt marsh in Orleans, Massachusetts during the 2010 Pan-Mass Challenge. Approximately (41.797871, -69.99278).
Can you play guitar hero?
I have never tried.
Name someone that made you laugh today?
Probably Inna.
How late did you stay up last night and why?
I went to bed early last night, shortly after 10pm, because I've underslept the past several days and can only make that deficit up on the front side.
If you could move somewhere else, would you?
I would retain my current residence, but I would also maintain a summer home on Cape Cod and a winter residence in the Caribbean.
Ever been kissed under fireworks?
Probably. Ailsa and Inna are the most likely culprits.
Which of your friends lives closest to you?
Probably Roopa.
Do you believe ex's can be friends?
I am friendly with nearly all of my exes, and it's highly probable that they would be friendly to one another, as well.
How do you feel about Dr Pepper?
Like any soft drink, it's terribly unhealthy for you.
When was the last time you cried really hard?
I don't recall.
Where are you right now?
Home, at desk.
Who took your profile picture?
An official Pan-Mass Challenge event photographer.
Who was the last person you took a picture of?
Aside from my cat Grady, I shot someone's handbag; I think it was Kaela's. And before that, someone's feet; that might have been Zeenat. And before that, Ranjeev.
Was yesterday better than today?
Today's pretty good, but it would be difficult to beat the day I had yesterday, which featured a major life development.
Can you live a day without TV?
I have lived over 16 years without a television. I'll go out to a pub to watch the NBA playoffs if the Celtics are in contention, but that's about it.
Are you upset about anything?
Being upset is an indicator of emotional immaturity and denial of responsibility for one's internal state.
Do you think relationships are ever really worth it?
They probably are, but I tend to prefer relationships which are easygoing and undemanding. Most relationships aren’t worth a lot of drama.
Are you a bad influence?
I wouldn't be the right person to ask.
Night out or night in?
Usually in. Out can be fun, with the right small group of people.
What items could you not go without during the day?
There aren't any particular items that I require every day.
Who was the last person you visited in the hospital?
Possibly Inna or maybe an uncle.
What does the last text message in your inbox say?
"up?????"
How do you feel about your life right now?
Generally quite satisfied at the strategic level, although the aging process is a bit of a challenge. At the tactical level, there's some tension, as I'm in the middle of a transition period.
Do you hate anyone?
I try not to.
If we were to look in your facebook inbox, what would we find?
Messages from recruiters. Spam. Anke's recipe for aloo mutter. A thank-you note.
Say you were given a drug test right now, would you pass?
Drug have never been part of my life, and I haven't touched alcohol in three years.
Ever been arrested?
No.
Has anyone ever called you perfect before?
Many times. I do my best to live up to that expectation.
What song is stuck in your head?
None. I've taken to avoiding music recently for precisely that reason. Although I did recently receive a pointer to Madness' "Night Boat to Cairo" video, and Madness is one of my two worst bands in the world for earworms (the other being Bim Skala Bim).
Someone knocks on your window at 2am, who do you want it to be?
Ed McMahon, with a very large check.
Wanna have grandkids before you’re 50?
Not in ten thousand years.
Name something you have to do tomorrow?
Test my bike out by doing a workout on the indoor trainer, since I just lowered my handlebars. Bring my bike down to the LBS for its five-year overhaul. Reserve a car for a Foxwoods trip. Register for the Old Ironsides 4th of July turnaround cruise lottery. Let the maintenance staff into the condo to test the fire alarms. Run the monthly backup and defrag jobs on my laptop.
Do you think too much or too little?
I find it unlikely that you'll be able to convince me that there is such a thing as too much thought.
Do you smile a lot?
A whole lot more than I used to, that's for sure.
Who was your last missed call on your Mobile phone?
Inna.
Is there something you always wear?
During the summer, I usually wear sandals, and I'm always wearing my cycling sandals while riding. I also usually wear my PMC wristband during the summer.
What were you doing 30 minutes ago?
Flipping the stem on my bike's handlebars, in order to lower them.
Did you have an exciting last weekend?
Not bad. Dhamma book club was good, and hanging out with Jay was good, too, although I probably shouldn't have eaten that entire calzone.
Have you ever crawled through a window?
Numerous times.
Have you ever dyed your hair?
Blue, red, blond.
Are you wearing a necklace?
No.
Are you an emotional person?
What are these emotions you speak of?
What's something that can always make you feel better?
Bike, ice cream, sunbeams, kitteh, money.
Will this weekend be a good one?
Probably. Dinner with Carla, and my Kalyana Mitta group, at minimum.
What do you want right now?
Wanting is a self-destructive behavior. The less wanting you do, the more satisfied you will find yourself.
Have you ever worn the opposite sex's clothing?
Of course.
Have you ever worked in a food place?
Several.
Does anyone know your facebook password?
No. Even *I* don't know my F*c*book password, as all my passwords are maintained by a password safe, and you have to go to special lengths to view them. And even if I did see it, it's unlikely I'd remember it, since it's a meaningless random string of several dozen characters and symbols.
Topics:
  • Add Memory
  • Share This Entry

Changing the Way the World Works

Nov. 24th, 2010 11:20 am

A world-changing piece of software was released recently, and you need to know about it. It’s called Firesheep, and it makes stealing your login information for the web sites you visit as easy as: point, click, done. I strongly urge you to Google it and educate yourself about it.

It shouldn’t surprise anyone that your login credentials have never been secure. After all, email, the world wide web, and the underlying packet switching protocols: none of them were designed to carry encrypted communications. And it’s not in the interest of commercial web sites to spend more time and effort than the absolute minimum necessary to convince you that that their sites are “secure”.

Still, up til now you’ve been able to reassure yourself with the belief that only people with very specialized knowledge and tools had the ability to hijack your web sessions.

Firesheep has changed that forever by putting those techniques behind a point-and-click interface that anyone from a four year old child to an eighty year old grandmother could operate.

All someone needs to do is (1) download the Firefox plugin, (2) connect to a public network, and (3) when presented with a list of other users’ sessions on that network, click the one they want to log in as. With no more skill or effort that that, they’ve got instant access to your account on Amazon, Twitter, Facebook, Gmail, Yahoo, Foursquare, Wordpress, and so forth. The rest, as we say, is YFN.

This is doubly bad news for anyone with a smartphone, because most of those devices automatically and indiscriminately connect to public WiFi networks, then send your login credentials to any sites you regularly monitor, without your knowledge or involvement.

There are solutions to this problem, and the people who create and maintain web sites have known about them for years, but balked at putting the extra security measures into practice. Firesheep was actually intended to bring this vulnerability to everyone’s attention, so that the problem might finally be addressed. How quickly do you think that’ll happen?

So here we are. After decades of playing fast and loose on the web, keeping your head in the sand about the risks, it’s finally time to get serious about securing the information you send over the public channel.

If you’re like most people, you probably don’t even take your username and password seriously. How often do you change it? How hard would it be for a human to guess? How long would it take a password guessing computer to crack? Do you use the same username and password for several sites?

The username/password security that we’ve gotten used to is largely just a placebo. It wrongly makes people think they’ve taken an effective security measure. But if your network traffic isn’t encrypted, Firesheep makes it easy for everyone else on the network to hijack your login.

Ideally, all public web sites would immediately transition to sending all web traffic via SSL. But deployment will certainly be extremely slow and spotty.

So what are your options? The first is obviously to carefully regulate your use of public networks. Another is to use a tool like Blacksheep, which might alert you when someone on the network is running Firesheep.

You can also ensure that all your traffic is encrypted by setting up a virtual private network (VPN). The problem there is that you need a trusted host to serve as a gateway, and if you use someone like your workplace, you might discover that they block the sites you want to visit on your personal time, like Facebook and YouTube.

In the meantime, it also makes sense to review your password policy.

I’ll admit my own culpability there: up til now, I’ve only had two passwords. I had one password that never changed, that I used for dozens of sites I didn’t consider that important; and I had another that I changed annually for sites that needed an extra level of “security”, like brokerage and bank accounts.

Needless to say, I’ve decided to fix that. My first change is to start using purely random generated passwords, making use of the full gamut of permitted characters (e.g. mixed case letters and special characters). I’m also using as long a password as each site allows (many allow passwords to be 15, 20, 40 or more characters). These measures are all designed to make my passwords harder to break.

The second change I’m making is that I’m assigning a different password for every single site I use. That ensures that if someone does break one of my passwords, they can only use it for one site, containing any possible damage they can cause.

My third change: turn off all password caching in my web browsers, and remove the existing memorized passwords. This has always been a huge, gaping security hole, and one that should never be used in the first place.

You might think those sound like a big pain in the ass. While it is some extra effort, it’s a lot better than handing a fifteen year old Russian hacker unlimited access to my bank accounts, yanno?

And actually, it’s not that much of an inconvenience if you use one of the many specialized password database managers that are out there. I started using KeePass, which—now that I’ve got it set up—seems like a no-brainer. Look into it.

For years, you’ve gotten away with not putting any serious thought or effort into your internet security. Like the companies that run the world’s major web sites, you did the bare minimum, and, like an ostrich, buried your head in the sand.

That was then, but this is now. Armed with weapons like Firesheep, there are lots of ostrich hunters out there now. People who continue to keep their heads in the sand will soon be meat on the table.

Don’t be one of them. Start taking care of your shit.

Topics:
  • Add Memory
  • Share This Entry

Ornoth's profile

ornoth: (Default)

Links

Frequent topics