Last month, I volunteered myself to run a breakout session at the 2012 UAS Conference, an
annual gathering of up to a thousand Oxford University staff. I’d run a 2-minute micropresentation at the July 2011 OxLibTeachMeet called “Your Password Sucks!”, and I thought I’d probably be able to expand that into a larger 25-minute breakout session.
My expanded presentation was called “Your password: How bad guys will steal your identity”, because I wasn’t sure that I’d get away with the title “Your Password Sucks” at a larger,
more-formal event.
The essence of my presentation boiled down to demonstrating four points. The first was you are a target – dispelling the myth that the everyday person can consider
themselves safe from the actions of malicious hackers. I described the growth of targeted phishing attacks, and relayed the sad story of Mat Honan’s victimisation by hackers.
The second point was that your password is weak: I described the characteristics of good passwords (e.g. sufficiently long, complex, random, and unique) and
pointed out that even among folks who’d gotten a handle on most of these factors, uniqueness was still the one that tripped people over. A quarter of people use only a single password for most or all
of their accounts, and over 50% use 5 or fewer passwords across dozens of accounts.
The four points I wanted to make through my presentation. Starting by scaring everybody ensured that I had their attention right through ’til I told them what they could do about it,
at the end.
Next up: attacks are on the rise. By a combination of statistics, anecdotes, audience participation and a theoretical demonstration of how a hacker might exploit
shared-password vulnerabilities to gradually take over somebody’s identity (and then use it as a platform to attack others), I aimed to show that this is not just a hypothetical
scenario. These attacks really happen, and people lose their money, reputation, or job over them.
Finally, the happy ending to the story: you can protect yourself. Having focussed on just one aspect of password security (uniqueness), and filling a 25-minute
slot with it, I wanted to give people some real practical suggestions for the issue of password uniqueness. These came in the form of free suggestions that they could implement today. I
suggested “cloud” options (like LastPass or 1Password), hashing options (like SuperGenPass), and “offline” technical options
(like KeePass or a spreadsheet bundled into a TrueCrypt volume).
I even suggested a non-technical option involving a “master” password that is accompanied by one of several unique prefixes. The prefixes live on a Post-It Note in your wallet. Want a
backup? Take a picture of them with your mobile: they’re worthless without the master password, which lives in your head. It’s not as good as a hash-based solution, because a crafty
hacker who breaks into several systems might be able to determine your master password, but it’s “good enough” for most people and a huge improvement on using just 5 passwords
everywhere! (another great “offline” mechanism is Steve Gibson’s Off The Grid system)
My presentation – marked on the above chart – left people “Very Satisfied” significantly more than any other of the 50 breakout sessions.
And it got fantastic reviews! That pleased me a lot. The room was packed, and eventually more chairs had to be brought in for the 70+ folks who decided that my session was “the place to
be”. The resulting feedback forms made me happy, too: on both Delivery and Content, I got more “Very Satisfied” responses than any other of the 50 breakout sessions, as well as specific
comments. My favourite was:
Best session I have attended in all UAS conferences. Dan Q gave a 5 star performance.
So yeah; hopefully they’ll have me back next year.
This blog post is about password security. If you don’t run a website and you just want to know what you should do to protect yourself, jump to the
end.
I’d like to tell you a story about a place called Internetland. Internetland is a little bit like the town or country that you live in, but there’s one really important difference: in
Internetland, everybody is afflicted with an unusual disorder called prosopagnosia, or “face-blindness”. This means that, no matter how hard they try, the inhabitants of Internetland
can’t recognise each other by looking at one another: it’s almost as if everybody was wearing masks, all the time.
Denied the ability to recognise one another on sight, the people of Internetland have to say out loud who they are when they want to be identified. As I’m sure you can imagine, it’d be
very easy for people to pretend to be one another, if they wanted. There are a few different ways that the inhabitants get around that problem, but the most-common way is that people
agree on and remember passwords to show that they really are who they claim to be.
Alice’s Antiques
Alice runs an antiques store in Internetland. She likes to be able to give each customer a personalised service, so she invites her visitors to identify themselves, if they like, when
they come up to the checkout. Having them on file means that she can contact them about special offers that might interest them, and she can keep a record of their address so that the
customer doesn’t have to tell her every time that they want a piece of furniture delivered to their house.
Some of Alice’s Antiques’ antiques.
One day, Bob came by. He found a nice desk and went to the checkout to pay for it.
“Hi,” said Alice, “Have you shopped here before?” Remember that even if he’d visited just yesterday, she wouldn’t remember him, so crippling is her face-blindness.
“No,” replied Bob, “First time.”
“Okay then,” Alice went on, “Would you like to check out ‘as a guest’, or would you like to set up an account so that I’ll remember you next time?”
Bob opted to set up an account: it’d only take a few minutes, Alice promised, and would allow him to check out faster in future. Alice gave Bob a form to fill in:
Bob filled in the form with his name, a password, and his address. He ticked the box to agree that Alice could send him a copy of her catalogue.
Alice took the form and put it into her filing cabinet.
The following week, Bob came by Alice’s Antiques again. When he got to the checkout, Alice again asked him if he’d shopped there before.
“Yes, I’ve been here before,” said Bob, “It’s me: Bob!”
Alice turned to her filing cabinet and pulled out Bob’s file. This might sound like a lot of work, but the people of Internetland are very fast at sorting through filing cabinets, and
can usually find what they’re looking for in less than a second. Alice found Bob’s file and, looking at it, challenged Bob to prove his identity:
“If you’re really Bob – tell me your password!”
“It’s swordfish1,” came the reply.
Alice checked the form and, sure, that was the password that Bob chose when he registered, so now she knew that it really was him. When he asked for a set of
chairs he’d found to be delivered, Alice was able to simply ask, “You want that delivered to 1 Fisherman’s Wharf, right?”, and Bob just nodded. Simple!
Evil Eve
That night, a burglar called Eve broke into Alice’s shop by picking the lock on the door (Alice never left money in the till, so she didn’t think it was worthwhile buying a very good
lock). Creeping through the shadows, Eve opened up the filing cabinet and copied out all of the information on all of the files. Then, she slipped back out, locking the door behind her.
Alice’s shop has CCTV – virtually all shops in Internetland do – but because it wasn’t obvious that there had been a break-in, Alice didn’t bother to check the recording.
Alice has CCTV, but she only checks the recording if it’s obvious that something has happened.
Now Eve has lots of names and passwords, so it’s easy for her to pretend to be other Internetlanders. You see: most people living in Internetland use the same password at most or all of
the places they visit. So Eve can go to any of the other shops that Bob buys from, or the clubs he’s part of, or even to his bank… and they’ll believe that she’s really him.
One of Eve’s favourite tricks is to impersonate her victim and send letters to their friends. Eve might pretend to be Bob, for example, and send a letter to his friend Charlie. The
letter might say that Bob’s short on cash, and ask if Charlie can lend him some: and if Charlie follows the instructions (after all, Charlie trusts Bob!), he’ll end up having his money
stolen by Eve! That dirty little rotter.
So it’s not just Bob who suffers for Alice’s break-in, but Charlie, too.
Bob Thinks He’s Clever
Bob thinks he’s cleverer than most people, though. Rather than use the same password everywhere he goes, he has three different passwords. The first one is his “really secure” one: it’s
a good password, and he’s proud of it. He only uses it when he talks to his bank, the tax man, and his credit card company – the stuff he thinks is really important. Then
he’s got a second password that he uses when he goes shopping, and for the clubs he joins. A third password, which he’s been using for years, he reserves for places that demand that he
chooses a password, but where he doesn’t expect to go back to: sometimes he joins in with Internetland debates and uses this password to identify himself.
Bob’s password list. Don’t tell anybody I showed you it: Bob’ll kill me.
Bob’s approach was cleverer than most of the inhabitants of Internetland, but it wasn’t as clever as he thought. Eve had gotten his medium-security password, and this was enough to
persuade the Post Office to let her read Bob’s mail. Once she was able to do this, she went on to tell Bob’s credit card company that Bob had forgotten his password, so they sent him a
new one… which she was able to read. She was then able to use this new password to tell the credit card company that Bob had moved house, and that he’d lost his card. The credit card
company promptly sent out a new card… to Eve’s address. Now Eve was able to steal all of Bob’s money. “Muhahaha!” chortled Eve, evilly.
But even if Bob hadn’t made the mistake of using his “medium-security” password at the Post Office, Eve could have tried a different approach: Eve would have pretended to be Alice, and
asked Bob for his password. Bob would of course have responded, saying “It’s ‘swordfish1’.”
Then Eve would have done something sneaky: she’d have lied and said that was wrong. Bob would be confused, but he’d probably just think to himself, “Oh, I must have given Alice a
different password.”
“It must be ‘haddock’, then,” Bob would say.
“Nope; wrong again,” Eve would say, all the while pretending to be Alice.
“Surely it’s not ‘h@mm3rHead!’, is it?” Bob would try, one last time. And now Eve would have all of Bob’s passwords, and Bob would just be left confused.
Good Versus Eve
What went wrong in Internetland this week? Well, a few things did:
Alice didn’t look after her filing cabinet
For starters, Alice should have realised that the value of the information in her filing cabinet was worth at least as much as money would be, to the right kind of burglar. It was easy
for her to be complacent, because it wasn’t her identity that was most at risk, but that of her customers. Alice should have planned her security in line with that realisation:
there’s no 100% certain way of stopping Eve from breaking in, but Alice should have done more to make it harder for Eve (a proper lock, and perhaps a separate, second lock on the filing
cabinet), and should have made it so that Eve’s break-in was likely to be noticed (perhaps skimming through the security tapes every morning, or installing motion sensors).
But the bigger mistake that Alice made was that she kept Bob’s password in a format that Eve could read. Alice knew perfectly well that Bob would probably be using the same password in
other places, and so to protect him she ought to have kept his password encrypted in a way that would make it virtually impossible for Eve to read it. This, in combination with an
effort to insist that her customers used good, strong passwords, could have completely foiled Eve’s efforts, even if she had managed to get past the locks and CCTV un-noticed.
Here in the real world: Some of Alice’s mistakes are not too dissimilar to the recently-publicised mistakes made by LinkedIn, eHarmony, and LastFM. While
these three giants did encrypt the passwords of their users, they did so inadequately (using mechanisms not designed for passwords, by using outdated
and insecure mechanisms, and by failing to protect stolen passwords from bulk-decryption). By the way: if you have an account with any
of these providers, you ought to change your password, and also change your password anywhere else that uses the same password… and if this includes your email, change it everywhere
else, too.
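What Alice's filing cabinet could have held instead, as an added example (not code from the original post): the same customer files stored once as an unsalted fast hash and once as a salted, deliberately slow one. The customer list, the helper names and the iteration count are assumptions made for illustration; only Bob's password comes from the story.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumption: an iteration count in line with current PBKDF2-HMAC-SHA256 guidance.
PBKDF2_ITERATIONS = 600_000


def file_fast_unsalted(password: str) -> str:
    """The inadequate record: one pass of a fast, general-purpose hash, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def file_slow_salted(password: str) -> dict:
    """A record built for passwords: random per-customer salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def check_password(attempt: str, record: dict) -> bool:
    """Alice's challenge at the checkout: recompute, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        attempt.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def shared_records(cabinet: dict) -> list:
    """Groups of customers whose stored password value is identical.

    Every such group falls together: recovering one password recovers them
    all, and one table of pre-hashed common passwords works on every file.
    """
    groups = defaultdict(list)
    for customer, record in cabinet.items():
        key = record if isinstance(record, str) else record["hash"]
        groups[key].append(customer)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


# Constructed sample data: Bob's password is from the story, the rest is made up.
CUSTOMERS = {"Bob": "swordfish1", "Charlie": "swordfish1", "Dave": "Tz4!pWq9#LmX"}


def build_cabinets():
    """Return the same customer list filed both ways: (weak, strong)."""
    weak = {name: file_fast_unsalted(pw) for name, pw in CUSTOMERS.items()}
    strong = {name: file_slow_salted(pw) for name, pw in CUSTOMERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_cabinets()
    print("identical records, unsalted fast hash:", shared_records(weak))
    print("identical records, salted slow hash:  ", shared_records(strong))
    print("Bob proves himself:", check_password("swordfish1", strong["Bob"]))
    print("Wrong password:    ", check_password("haddock", strong["Bob"]))
```

The salt stops two customers with the same password from sharing a record; the iteration count is what makes each guess against a stolen cabinet expensive.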
Bob should have used different passwords everywhere he went
Good passwords should be long (8 characters should be an absolute minimum, now, and Bob really ought to start leaning towards 12), complex (not based on a word in any dictionary, and
made of a mixture of numbers, letters, and other characters), and not related to you (dates of birth, names of children, and the like are way out). Bob had probably heard
all of that a hundred times.
But good passwords should also be unique. You shouldn’t ever use the same password in two different places. This was Bob’s mistake, and it’s the mistake of almost everybody
else in Internetland, too. What Bob probably didn’t know was that there are tools that could have helped him to have a different password for everybody he talked to, yet still
been easier than remembering the three passwords he already remembered.
Here in the real world: There are some really useful tools to help you, too. Here are some of them:
LastPass helps you generate secure passwords, then stores encrypted versions of them on the Internet so that you can get at them
from anywhere. After a short learning curve, it’s ludicrously easy to use. It’s free for most users, or there are advanced options for paid subscribers.
KeePass does a similar thing, but it’s open source. However, it doesn’t store your encrypted passwords online (which you might
consider to be an advantage), so you have to carry a pen drive around or use a plugin to add this functionality.
SuperGenPass provides a super-lightweight approach to web browser password generation/storing. It’s easy to understand and
makes it simple to generate different passwords for every site you use, without having to remember all of those different passwords!
One approach for folks who like to “roll their own” is simply to put a spreadsheet or a text file into a TrueCrypt (or
similar) encrypted volume, which you can carry around on your pendrive. Just decrypt and read, wherever you are.
Another “manual” approach is simply to use a “master password” everywhere, prefixed or suffixed with a (say) 4-5 character modifier, that you vary from site to site. Keep your
modifiers on a Post-It note in your wallet, and back it up by taking a picture of it with your mobile phone. So maybe your Skype suffix is “8Am2%”, so when you log into Skype you type
in your master password, plus that suffix. Easy enough that you can do it even without a computer, and secure enough for most people.
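The trade-off between the last approach and a hash-based one, as an added example (not part of the original post): two leaked master-plus-modifier passwords give away the master password, while two hash-derived passwords have nothing useful in common. The master password, the second modifier and the derivation function are assumptions; the derivation is a generic salted PBKDF2, not SuperGenPass's own algorithm.

```python
import base64
import hashlib
from difflib import SequenceMatcher

# Assumption: work factor picked for illustration.
ITERATIONS = 200_000

# Constructed values. Only the Skype modifier "8Am2%" appears in the text.
MASTER = "vX7!qLm2#Rz9"
MODIFIERS = {"skype.com": "8Am2%", "twitter.com": "kT9#x"}


def modifier_password(master: str, modifier: str, prefix: bool = False) -> str:
    """Manual scheme from the text: master password plus a per-site modifier."""
    return modifier + master if prefix else master + modifier


def derived_password(master: str, site: str, length: int = 16) -> str:
    """Hash-based scheme (generic): the site name salts a slow one-way
    function of the master password, and the output is the site password."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), site.encode("utf-8"), ITERATIONS
    )
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def shared_part(first: str, second: str) -> str:
    """Longest run of characters that two passwords have in common.

    This is what stands out when the same person's passwords from two
    breached sites are laid side by side, whether the modifier was used
    as a prefix or as a suffix.
    """
    matcher = SequenceMatcher(None, first, second, autojunk=False)
    match = matcher.find_longest_match(0, len(first), 0, len(second))
    return first[match.a:match.a + match.size]


def compare_schemes() -> dict:
    """Return the shared part of the two site passwords under each scheme."""
    sites = list(MODIFIERS)
    manual = [modifier_password(MASTER, MODIFIERS[s]) for s in sites]
    derived = [derived_password(MASTER, s) for s in sites]
    return {
        "master+modifier": shared_part(*manual),
        "hash-derived": shared_part(*derived),
    }


if __name__ == "__main__":
    for scheme, leaked in compare_schemes().items():
        print(f"{scheme:16} shared between two breaches: {leaked!r}")
```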
Commissioned, a webcomic I’ve been reading for many years now, recently made a couple of observations on the nature of “fetch quests” in contemporary computer
role-playing games. And naturally – because my brain works that way – I ended up taking this thought way beyond its natural conclusion.
Today’s children are presumably being saturated with “fetch quests” in RPGs all across the spectrum from fantasy Skyrim-a-likes over to modern-day Grand Theft Auto clones and science fiction Mass Effect-style video games. And the little devil on my left shoulder asks me how this can be manipulated for fun
and profit.
A typical fetch quest, taken to an illogical extreme. It's only a matter of time until you see this in a video game.
The traditional “fetch quest” goes as follows: I’ll give you what you need (the sword that can kill the monster, the job that you need to impress your gang, the name of the star that
the invasion fleet are orbiting, or whatever), in exchange for you doing a delivery for me. Either I want you to take something somewhere, or I want you to pick something up, or – in
the most overused and thankfully falling out of fashion example – I want you to bring me X number of Y object… 9 shards of triforce, 5 orc skulls, $10,000, or whatever. Needless to say,
about 50% of the time there’ll be some kind of challenge along the way (you need to steal the item from a locked safe, you’ll be offered a bribe to “lose” the item, or perhaps you’ll
just be mobbed by ninja robots as you ride along on your hypercycle), which is probably for the best because it’s the only thing that adds fun to role-playing a postman. I
wonder if being attacked by mage princes is something that real-life couriers dream about?
This really doesn’t tally with normality. When you want something in the real world, you pay for it, or you don’t get it. But somehow in computer RPGs – even ones which allegedly try to
model the real world – you’ll find yourself acting as an over-armed deliveryman every ten to fifteen minutes. And who wants to be a Level 38 Dark Elf
Florist and Dog Walker?
YAFQ.
So perhaps… just perhaps… this will begin to shape the future of our reality. If the children of today start to see the “fetch quest” as a perfectly normal way to introduce
yourself to somebody, then maybe someday it will be socially acceptable.
I’m going to try it. The next time that somebody significantly younger than me looks impatient in the queue for the self-service checkouts at Tesco, I’m going to offer to let them go in
front of me… but only if they can bring me a tin of sweetcorn! “I can’t go myself, you see,” I’ll say, “Because I need to hold my place in the queue!” A tin of sweetcorn may
not be as impressive-sounding as, say, the Staff of Fire Elemental Control, but it gets the job done. And it’s one of your five-a-day, too.
Or when somebody asks me for help fixing their broken website, I’ll say “Okay, I’ll help; but you have to do something for me. Bring me the bodies of five doughnuts, to
prove yourself worthy of my assistance.”
The other week I built Tiffany2, New Earth’s new media centre computer. She’s well-established and being used to watch movies, surf the web, and whatnot, now, so I thought I’d
better fulfil my promise of telling you about my other new smaller-than-average computer, Dana, whose existence was made possible by gifts from my family over Christmas
and my birthday.
Dana’s size and power consumption are so small that they make Tiffany2 look like a bloated monster. That’s because Dana is a DreamPlug, an open-architecture plug computer following in the footsteps of the coveted SheevaPlug and GuruPlug.
A dreamplug (seen here with a two-pin power connector, which helps to give you a sense of its size).
The entire computer including its detachable power supply is only a little larger than the mobile telephones of the mid-nineties, and the entire device can be plugged straight into the
wall. With no hard disk (it uses SD cards) and no fans, the DreamPlug has no moving parts to wear out or make noise, and so it’s completely silent. It’s also incredibly low-power – mine
idles at about 4 watts – that’s about the same as a radio alarm clock, and about a hundredth of what my desktop PCs Toni and Nena run at under a typical load.
I’ve fitted up mine with a Mimo Mini-Monster 10″: a dinky little self-powered USB-driven touchscreen monitor about the
size of an iPad. Right now the whole assembly – about the size of a large picture frame – sits neatly in the corner of my desk and (thanks to the magic of Synergy) forms part of my extended multi-monitor desktop, as well as acting as a computer in her own right.
Dana's Mimo Mini-Monster touchscreen: Dana herself is completely concealed behind the screen.
So on the surface, she’s a little bit like a wired tablet computer, which would seem a little silly (and indeed: at a glance you’d mistake her for a digital photo frame)! But because
she’s a “real” computer underneath, with a 1.2GHz processor, 512MB RAM, USB, WiFi, and two Ethernet ports, there’s all kinds of fun things that can be done with her.
For a start, she provides an ultra low-power extension to my existing office development environment. I’ve experimented with “pushing” a few tasks over to her, like watching log file
output, downloading torrents, running a web server, reading RSS feeds, and so on, but my favourite of her tasks is acting as a gateway between the rest of the world and my office.
A network diagram showing the layout of the computer networks on New Earth. It's more-complex than your average household.
While they’ve come a long way, modern ADSL routers are still woefully inadequate at providing genuine customisability and control over my home network. But a computer like this – small,
silent, and cheap – makes it possible to use your favourite open-source tools (iptables, squid, sshd, etc.) as a firewall to segregate off a part of the network. And that’s exactly what
I’ve done. My office – the pile of computers in the upper-right of the diagram, above – is regulated by Dana, whose low footprint means that I don’t feel bad about leaving her
turned always-on.
That means that, from anywhere in the world (and even from my phone), I can now:
Connect into Dana using SSH.
Send magic packets to Toni, Nena, or Tiffany2 (all of which are on wired connections), causing them to turn themselves on.
Remotely control those computers to, for example, get access to my files from anywhere, set them off downloading something I’ll need later, or whatever else.
Turn them off when I’m done.
That’s kinda sexy. There’s nothing new about it – the technologies and standards involved are as old as the hills – but it’s nice to be able to do it using something that’s barely
bigger than a postcard.
I have all kinds of ideas for future projects with Dana. It’s a bit like having a souped-up (and only a little bigger) Arduino to play with, and it’s brimming with potential. How about a webcam for my bird feeder? Or home-automation tools
(y’know: so I can turn on my bedroom light without having to get out of bed)? Or a media and file server (if I attached a nice, large, external hard disk)? And then there’s the more
far-fetched ideas: it’s easily low-power enough to run from a car battery – how about in-car entertainment? Or home-grown GPS guidance? What about a “delivered ready-to-use” intranet
application, as I was discussing the other day with a colleague, that can be simply posted to a client, plugged in, and used? There’s all kinds of fun potential ideas for a box like
this, and I’m just beginning to dig into them.
This weekend, I integrated two new computers into the home network on New Earth. The first of these is
Tiffany2.
Tiffany2 is a small "media centre" style computer with an all-in-one remote keyboard/mouse.
Tiffany2 replaces Tiffany, the media centre computer I built a little under four years ago. The original Tiffany was built on a shoestring budget of
under £300, and provided the technical magic behind the last hundred or so Troma Nights, as well as countless other film and television nights, a means to watch (and record and pause)
live TV, surf the web, and play a game once in a while.
The problem with Tiffany is that she was built dirt-cheap at a time when building a proper media centre PC was still quite expensive. So she wasn’t very good. Honestly, I’m
amazed that she lasted as long as she did. And she’s still running: but she “feels” slow (and takes far too long to warm up) and she makes a noise like a jet engine… which isn’t what
you want when you’re paying attention to the important dialogue of a quiet scene.
Tiffany and Tiffany2. Were this a histogram of their relative noise levels, the one on the left would be much, much larger.
Tiffany2 is virtually silent and significantly more-powerful than her predecessor. She’s also a lot smaller – not much bigger than a DVD player – and generally more
feature-rich.
This was the first time I’d built an ITX form-factor computer (Tiffany2 is Mini-ITX): I wanted to make her small, and it seemed like the best standard for the job. Assembling some of her components
felt a little like playing with a doll’s house – she has a 2.5″ hard disk and a “slimline” optical drive: components that in the old days we used to call “laptop” parts, which see new
life in small desktop computers.
Examples of six different hard drive form factors. Tiffany2 uses the third-smallest size shown in this picture. The computer you're using, unless it's a laptop, probably uses the
third-largest (picture courtesy Paul R. Potts, CC-At-SA).
In order to screw in some of the smaller components, I had to dig out my set of watchmaker’s screwdrivers. Everything packs very neatly into a very small space, and – building her – I
found myself remembering my summer job long ago at DesignPlan Lighting, where I’d have to tuck dozens of little
components, carefully wired-together, into the shell of what would eventually become a striplight in a tube train or a prison, or something.
She’s already deployed in our living room, and we’ve christened her with the latest Zero Punctuation, a few DVDs, some episodes of Xena: Warrior Princess, and an episode of Total Wipeout featuring JTA’s old history teacher
as a contestant. Looks like she’s made herself at home.
(for those who are sad enough to care, Tiffany2 is running an Intel Core i3-2100 processor, underclocked to 3GHz, on an mITX Gigabyte GA-H61N-USB3 motherboard with 4GB RAM, a 750GB hard disk, and DVD-rewriter, all wrapped up in an
Antec ISK 300-150 case with a 150W power supply: easily enough for a media centre box
plus some heavy lifting if I ever feel the need to give her any)
If you see me in person, you’ll know that this is something I rant about from time to time. But that’s only because people consistently put themselves and their friends at risk,
needlessly, and sometimes those friends include me. So let me be abundantly clear:
If you’re reading this, there is at least a 95% chance that your passwords aren’t good enough. You should fix them.
Today.
Let’s talk about what we mean by “good enough”. A good password needs to be:
Long. Some of you are still using passwords that are shorter than 8 characters. The length of a password is important because it reduces the risk of a robot “brute
forcing” it. Suppose a robot can guess 1000 passwords a second, and your password uses only single-case letters and numbers. If you have a 4-character password, it’ll be lucky to last
quarter of an hour. A 6-character password might last a week and a half. At 8 characters, it might last a few decades. Probably less, if your password makes one of the other mistakes,
below. And the robots used by crackers are getting faster and faster, so the longer, the better. My shortest password is around 12 characters long, these days.
Complex. Remember how long an 8-character password lasts against a “brute force” attack? If you’re only using single-case letters, you’re reducing that by almost a
third. Mix it up a bit! Use upper and lower case letters, and numbers, as standard. Consider using punctuation, too. There’s no legitimate reason for a website to demand
that you don’t have a long and complex password, so if one does seem to have unreasonable requirements: write to the owners and threaten to take your business elsewhere if they don’t
get with the times.
Random. If your password is, is based on, or contains a dictionary word (in any language), a name or brand name, a date, a number plate or (heaven forbid) a national
insurance number, it’s not good enough. “Brute force” attacks like those described above are usually the second line of attack against properly-stored passwords: first, a robot will
try every word, name or date that it can think of, with and without capitalisation and with numbers before and afterwards. Many will also try common phrases like “iloveyou” and
“letmein”. WikiHow has a great suggestion about how to make
“random” passwords that are easy to remember.
Unique. Here’s the one that people keep getting wrong, time and time again. You should never, never, use the same password for multiple different
services (and you should be very wary of using the same password for different accounts on the same service). This is because if a malicious hacker manages to get your
password for one site, they can now start breaking into your accounts on other sites. Some people try to get around this by keeping two or three “levels” of passwords, for low-,
medium-, and high-security uses. But even if a hacker gets access to all of your “low” security sites, that is (these days, frequently) still a huge amount of data they have
with which to commit an identity theft. The other big reason to make sure your passwords are unique is that it makes it safer to share them, if the need arises. Suppose that for some
reason you need to share a password with somebody else: it’s far safer for everybody involved if the password you share with them works only for the
service you wanted to give them access to. Every person you trust is one more person who might (accidentally) expose it to a hacker by writing it down. Even if you have to memorise a
complex “master” password and keep in your wallet a list of random “suffixes” that you append to this master password, different for each site, that’s a huge step
forwards. It’s also a very basic level of two-factor
authentication: to log in to your Twitter account, for example, you need your master password (which is in your head), plus the Twitter suffix to the password (which is
written down in your wallet).
There’s been a wave of attacks recently against users of social networking websites: an attacker will break into an insecure web forum to get people’s email addresses and passwords, and
then will try to log in to their webmail accounts and into social networking sites (Facebook, Twitter, etc.) using those same credentials. When they get a “hit”, they’ll explore the
identity of the victim, learning about their language patterns, who their friends are, and so on. Then they’ll send messages or start chats with their victim’s friends, claiming to be
their victim, and claim some kind of crisis. They’ll often ask to borrow money that needs to be wired to them promptly. And then they’ll disappear.
In this interconnected world, it’s important that your passwords are good not only for your benefit, but for your friends too. So if you’re guilty of any of the “password
crimes” above – if you have passwords that are short (under 8 characters), simple (don’t use a mixture of cases and include
numbers), predictable (using dictionary words, names, dates, etc.: even if they include a number), or re-used (used in more than one place or
for more than one site) – change your passwords today.
SuperGenPass – a very good way to use a strong, unique password for every website without having to remember multiple
passwords. Free.
KeePass – a great way to use a strong, unique password for every site and service without having to remember multiple passwords.
Free.
LastPass – another great way to use a strong, unique password for every site and service without having to remember multiple
passwords. Free (or cheap, for the premium version).
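The four “password crimes” above turned into a check you can run over your own list of accounts, together with the brute-force arithmetic from the “Long” point. This is an added example, not part of the original post: the word list is a constructed stand-in for a real dictionary, and the mapping of Bob's three passwords to accounts is an assumption based on the Internetland story.

```python
import re
from collections import Counter

# Constructed mini word list; a real check needs a full dictionary plus
# names, dates and common phrases.
WORDLIST = {"swordfish", "haddock", "hammerhead", "iloveyou", "letmein"}

# Common character substitutions, undone before the dictionary check.
LEET = str.maketrans("@4301$5", "aaeoiss")


def password_crimes(password: str, times_used: int) -> list:
    """Return which of the four problems from the text apply to one password."""
    crimes = []
    if len(password) < 8:
        crimes.append("short")
    mixed = (
        re.search(r"[a-z]", password)
        and re.search(r"[A-Z]", password)
        and re.search(r"[0-9]", password)
    )
    if not mixed:
        crimes.append("simple")
    lowered = password.lower()
    plain = re.sub(r"[^a-z]", "", lowered)
    unleeted = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    if any(word in plain or word in unleeted for word in WORDLIST):
        crimes.append("predictable")
    if times_used > 1:
        crimes.append("re-used")
    return crimes


def audit(accounts: dict) -> dict:
    """Map each account to the list of problems its password has."""
    uses = Counter(accounts.values())
    return {site: password_crimes(pw, uses[pw]) for site, pw in accounts.items()}


def average_crack_seconds(
    length: int, alphabet: int, guesses_per_second: float = 1000.0
) -> float:
    """Average exhaustive-guessing time: half the keyspace at the given rate."""
    return alphabet ** length / guesses_per_second / 2


# Constructed account list (assumption): Bob's three-tier system from the story.
BOB_ACCOUNTS = {
    "bank": "h@mm3rHead!",
    "credit card": "h@mm3rHead!",
    "Alice's Antiques": "swordfish1",
    "Post Office": "swordfish1",
    "debate forum": "haddock",
}


if __name__ == "__main__":
    for site, crimes in audit(BOB_ACCOUNTS).items():
        print(f"{site:18} {', '.join(crimes) or 'ok'}")
    # Single-case letters and digits (36 symbols) at 1000 guesses a second.
    for n in (4, 6, 8):
        days = average_crack_seconds(n, 36) / 86400
        print(f"{n} characters: about {days:,.2f} days on average")
```

Even the password that passes the length and complexity checks is flagged twice, which is the point of treating “random” and “unique” as separate requirements.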
This is scary. This guy’s managed to build a mini-ITX Windows XP box… inside a Windows XP box (by which I mean one of those boxes in which they ship copies of Windows XP). It’s a full
working computer (well, it runs Windows, but you know what I mean) inside the box that originally contained the copy of Windows which is installed upon it.
Claire and I are leaving Aberystwyth for Norfolk! Off to spend Christmas with her folks before heading up to Preston on Boxing Day to be with my family.
Have barely begun wrapping presents. For that matter, I still haven’t had delivered my mum’s present. Or one of Claire’s. Damned freaky postmen. Or something.
In any case, I’ll be in and out of internet access (well, technically, I’ve now put my Psion 5mx back into
active service, which, combined with my funky GPRS mobile phone, puts me online ‘everywhere’, but hey: I think I’ve downloaded a telnet client so wherever I go I *theoretically* have
e-mail access… we’ll see).
Running late for work. Was supposed to get up and take laptop to Daton as part of an insurance scam, but I’m still at home after having woken up late. Still, Claire’ll be at work until
about 1am today… in Newtown… so there’s no benefit to me coming home early. I’ll work late.
Updated Troma Night at long last – this web site chronicles the things I get up to on termtime Saturday nights.
Suppose I oughta go get this laptop sorted and put my paycheque into the bank, then get my lazy layabout arse to work.
Cool And Interesting Thing Of The Day To Do At The University Of Wales, Aberystwyth, #35:
Raid a skip outside the computer labs, filled to the brim with semi-defunct equipment. Steal several cables, some dumb-terminal keyboards, and a PSU (which was functional, but later
caught fire). Spend much of the remainder of the afternoon taking broken monitors from it and throwing them from great distances into the skip again, just ’cause you want to see if you
can make them implode and blow a hole in the side of the skip. Fail. Spend much of the evening trying to get an old 8086 your flatmate pulled from it to work. Succeed… to a degree… it
just doesn’t *do* much!
The ‘cool and interesting things’ were originally published to a location at which my “friends back home” could read them, during the first few months of my time at the University
of Wales, Aberystwyth, which I started in September 1999. It proved to be particularly popular, and so now it is immortalised through the medium of my weblog.
This declaration was posted to one of my first websites, on 22 April 1997; I’m not certain why. From the sounds of things I was using a school computer at the time. It was
republished here on 22 March 2021.
I am using an RM PC-433S Accelerator on a 486 Nimbus Network, operating a Brother M-1824L dot matrix and a Brother HL-8e laser jet. I am using a mouse and a 102-key keyboard. The
monitor is capable of displaying up to 256 colours in VGA, at a resolution of 640×480.