After adding trackback to my blog code, I haven't yet enabled it. And I still need to add some trackback code to the admin side...
...tsk tsk.
I really need to get to it, though it has been a mad week or so back in New Zealand. This weekend, I promise.
Oh, and the other thing I need to do is add an archive for my blog...bugger. I really shouldn't think about these things 'coz otherwise I'll just find more and more things that need to be done.
Labels: trackback, kapiti-geek-nz
Inserted: 2006-09-27 19:57 (3 years, 5 months ago)
About a month ago my server had network problems and I lost my Google Juice. Now I want it back.
For about 4 days my site was inaccessible and straight away Google showed that there were fewer pages indexed from my site. At the moment of course, I have very modest statistics since the site has only been going a couple of months, but it said at one stage that about 50 pages were indexed.
A few days ago, it said that about 20 pages were being indexed and now it's up to 30.
There may be another reason for this though and I suspect my server outage was a bit of a red-herring. In between these times I have been away and had only updated my blog the once, so I suspect that was also partly (mostly?) to blame.
So the moral of the story is "thou shalt update the website regularly" - which we all kinda knew anyway. Best to learn it the hard way I suppose.
P.S. Just found the term "Google Juice" on \[p]{Jeremy Visser|http://narnia.bounceme.net/jeremy/2006/09/27/downtime/}'s blog which prompted me to write this.
Labels: google, easy-speedy
Inserted: 2006-09-27 19:54 (3 years, 5 months ago)
I didn't want an iPod, that's why.
For a while I waited since I wanted to get one of the new Sandisk Sansa e270's, but still it didn't seem to come out and it was a bit pricey. I held out since they looked so much better than the iPod Nanos.
But now it seems that they went a bit far and from this article on \[p]{Engadget|http://www.engadget.com/2006/05/22/sandisk-wants-you-to-say-idont-to-ipod/} I found that they had created a site called \[p]{iDont.com|http://idont.com}. Personally, I chose to go against iPod for my own reasons though I don't think they should say it themselves since, as the Engadget article says, it smacks of being a poor loser - not that they are, since I think eventually they will catch up on Apple (though probably never take over).
As for the site, I don't have Flash installed so basically my opinion of it is fairly low. And who thinks the little monster thing looks like the \[p]{Telecom|http://telecom.co.nz} mascot (sorry, can't find the picture I want).
Added to the fact that they wrote it in PHP...\[p]{need I say more|http://www.lethargy.org/~jesus/archives/68-PHP-Sucks..html}.
Inserted: 2006-09-26 22:56 (3 years, 5 months ago)
After hearing some random people shout their passwords out, we as Programmers (and other IT peoples) should set a good example.
Recently, in my travels (in the travel agent), the lady serving me was unsure of how to book a couple of gnarly tickets, so she called one of the other staff members over. She had to log on to a new system to do it and was told, right in front of me, the username and password of the system. Further to this, I saw the web address of the site and it was blatantly public facing. I had all the details to be able to log on!
I told her that I would try and 'forget' those details straight away. She knew I worked in IT and said "I guess you forget them all the time with having so many with your type of work". I said "Quite the opposite, it's exactly those sorts of things I remember". I was quite shocked at the plain inability to understand what passwords are actually used for - not that their password was any good anyhow.
Another time on my travels on the train, two school girls were talking about doing their homework on their parents' computers. One stated that she tried for an hour to log in to her Dad's machine by guessing the password. In the end she realised that no password had actually been set! This isn't so major, but it does make you think.
These two examples obviously show that we still need to educate the people regarding the security and effectiveness of having a good password.
It seems that most of us IT people know what constitutes a good password. You know, the usual no dictionary words, mixture of letters, characters and symbols, of a reasonable length and of course the old favourite, don't write it down.
But at various times (usually working with other systems) I have had the misfortune of coming across a list of usernames with their respective plain-text passwords. I mean come on, if we expect users to be sensible with their passwords, then we also have to be with them too.
Over the past year or so, I've changed the way I deal with passwords. Originally I would get the password and do an MD5 hash of it prior to storing. This seemed good at the time, but it's not really since a lot of people still use dictionary words and with sites like \[p]{md5 reverse lookup|http://md5.crysm.net/} around they can sometimes be figured out if the hashed passwords get into the wrong hands. Try this \c{\[p]{8b1a9953c4611296a827abf8c47804d7|http://us.md5.crysm.net/find?md5=8b1a9953c4611296a827abf8c47804d7}} for starters.
The next stage in my password adventure, I started hashing the password with a 'seed' string. As an example, if the password entered was 'TryMe' and my seed was 'Xg7*e#q!', the hash would use 'Xg7*e#q!TryMe'. This helps, but these days modern computers can reverse engineer the hash within a reasonable length of time, especially if it isn't that long. Armed with the reversed password of a few hashes, the seed (whether tacked on at the start or end) can be figured out and then used to reverse engineer the others more quickly.
Recently, I've taken it a step further and now use both a common seed of random letters, numbers and symbols 8 characters long prepended to the password, followed by another 8 random characters which are unique to that user. This way, even if the common seed can be found by reversing a few hashes, the random characters at the end both lengthen the password and make sure that dictionary attacks don't succeed. Therefore, unlike the previous example (where a lookup table can then be used), to retrieve each and every password a very lengthy reverse engineering process would have to be undertaken.
As a quick example, if the common seed was as above, the string to be hashed could look like 'Xg7*e#q!TryMekP)i$dYn'.
This is where I'm up to at the moment and I'm a lot happier for it. I'm sure there are probably more ways of doing it to strengthen the password encoding so if anyone has any more hints and tips, I'd be happy to hear them.
But more importantly, let's finally start handling passwords with as much care as we tell our non-computer literate friends and family.
Labels: password, planet-catalyst, md5
Inserted: 2006-09-23 00:29 (3 years, 5 months ago)
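The three storage schemes from the password post above (plain MD5, MD5 with a common seed, MD5 with a common seed plus 8 per-user characters), written out as an added example that is not the author's own code. It counts how many accounts end up with identical stored values under each scheme, which is what lets one lookup table serve several users. The function names and sample accounts are constructed for illustration, and `store_pbkdf2` goes beyond the post by applying the same per-user salt idea to a deliberately slow key-derivation function, since MD5 stays cheap to compute per guess even when salted.

```python
import hashlib
import hmac
import secrets
import string

COMMON_SEED = "Xg7*e#q!"  # site-wide seed, taken from the post's example
SALT_ALPHABET = string.ascii_letters + string.digits + string.punctuation

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def new_user_salt(length=8):
    """Per-user random characters, drawn from a CSPRNG."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))

def store(password, user_salt, scheme):
    """Return the value each of the post's three schemes would store."""
    material = {
        "plain": password,
        "seed": COMMON_SEED + password,
        "seed+salt": COMMON_SEED + password + user_salt,
    }[scheme]
    return md5_hex(material)

def verify(password, user_salt, stored, scheme="seed+salt"):
    """Recompute the stored value and compare in constant time."""
    return hmac.compare_digest(store(password, user_salt, scheme), stored)

def shared_hashes(users, scheme):
    """Count accounts whose stored value equals another account's."""
    seen = {}
    for name, (password, salt) in users.items():
        seen.setdefault(store(password, salt, scheme), []).append(name)
    return sum(len(names) for names in seen.values() if len(names) > 1)

def store_pbkdf2(password, salt_bytes, rounds=200_000):
    """Beyond the post: per-user salt fed to a slow KDF instead of MD5."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt_bytes, rounds)
    return digest.hex()

# Constructed sample accounts: alice and bob picked the same password.
USERS = {
    "alice": ("TryMe", "kP)i$dYn"),
    "bob": ("TryMe", "4t&Zw!0q"),
    "carol": ("hello", "mQ2#xLr9"),
}

if __name__ == "__main__":
    for scheme in ("plain", "seed", "seed+salt"):
        print(scheme, "accounts sharing a hash:", shared_hashes(USERS, scheme))
```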
After a month away, I'm back and ready to start posting again.
I have a few topics to write about in the next few days, so instead of getting them all out at once, I'll spread them out. Anyways,... my first one will probably be tomorrow since I'm very tired. I know, I'm a wuss.
Inserted: 2006-09-22 23:46 (3 years, 5 months ago)