May 2007 Archives
Just a couple of shortcuts for use in Windows:
Win + E opens Windows Explorer (at C:\, not down your Documents & Settings path)
Win + D brings the desktop to the top
Win + M Minimizes all windows
Ctrl + Shift + Esc opens Windows Task Manager
(Win being the Windows key next to your left hand Control key
Win + E opens Windows Explorer (at C:\, not down your Documents & Settings path)
Win + D brings the desktop to the top
Win + M Minimizes all windows
Ctrl + Shift + Esc opens Windows Task Manager
(Win being the Windows key next to your left hand Control key
I was looking for an independent DNS service provider for my domains for several reason. First, setting up DNS by hand is a pain. Second, my server ISP DNS service is inflexible (can't set up SPF records, for instance). Thirdly, I don't have, need or want 3+ separate DNS in differently locations to manage.
I've previously used Gradwell at work and found them very helpful, reliable and their web interface powerful and very usable. However, at £100 entry into their DNS service, it was too expensive. Lots of searching later I found Microtech who, for £35 for 10 domains, are a fair bit cheaper. Their control panel is also very usable, and comprehensive, plus they offer 4 name servers with 3 in the UK and 1 in the USA to ensure you avoid single points of failure. There's even a handy SPF generator.
More than that, having set up one more of my domains with them I found one of the name servers was refusing to respond. I contacted them via the support form and within 30 minutes the problem had been fixed, and that was at 22:00hrs. I like fast, effective service like that. Highly recommended so far.
I've previously used Gradwell at work and found them very helpful, reliable and their web interface powerful and very usable. However, at £100 entry into their DNS service, it was too expensive. Lots of searching later I found Microtech who, for £35 for 10 domains, are a fair bit cheaper. Their control panel is also very usable, and comprehensive, plus they offer 4 name servers with 3 in the UK and 1 in the USA to ensure you avoid single points of failure. There's even a handy SPF generator.
More than that, having set up one more of my domains with them I found one of the name servers was refusing to respond. I contacted them via the support form and within 30 minutes the problem had been fixed, and that was at 22:00hrs. I like fast, effective service like that. Highly recommended so far.
Talking to a friend over a pint this weekend, the subject of authentication versus identification came up. I was surprised that he didn't know the difference so here's a brief explanation of how I see it: authentication tells you something (or someone) is what (or who) you have been told it (or they) are; identification tells you what (or who) something (or someone is).
When you apply this to the farcical National ID Card scheme the gubmint is intent on implementing you can start to see why authentication is more secure than identification. Suppose I have one of these ID cards and someone steals it. Assuming they will be able to read the data on the card (and seeing as the gubmint can, they will) they will know my name, address, age, height and so on. What if that someone steals it off me at the airport? They will then have a fair guess that nobody will be home for a week or so. So they cruise around, break in, and take their pick of all my belongings.
Now imagine the card can only authenticate who I say I am. Someone steals it. What will they know? They'd have to guess triliions of names, addresses, ages etc. combinations and keep testing the card to see which one authenticates. In fact, it'd take them so long to ever come up with the right combination they are more likely to be dead from old age than extracting all my possessions from my house.
Authentication instead of Identification is entirely possible: you take all the vital details that form your identity and you encrypt them (one way encryption, of course) and maybe encrypt that several times more. No feasible way to go backwards from an encrypted key to the original data that the key represents, you now have a magic key that only you can turn.
This is one of the many things that is wrong with the National ID Card scheme. We are going to be made to pay hundreds each to have a piece of card that makes your identity less secure. All the substantial benefits touted in favour of the scheme can be achieved with authentication, and some of the major problems can be avoided with authentication instead of identification.
When you apply this to the farcical National ID Card scheme the gubmint is intent on implementing you can start to see why authentication is more secure than identification. Suppose I have one of these ID cards and someone steals it. Assuming they will be able to read the data on the card (and seeing as the gubmint can, they will) they will know my name, address, age, height and so on. What if that someone steals it off me at the airport? They will then have a fair guess that nobody will be home for a week or so. So they cruise around, break in, and take their pick of all my belongings.
Now imagine the card can only authenticate who I say I am. Someone steals it. What will they know? They'd have to guess triliions of names, addresses, ages etc. combinations and keep testing the card to see which one authenticates. In fact, it'd take them so long to ever come up with the right combination they are more likely to be dead from old age than extracting all my possessions from my house.
Authentication instead of Identification is entirely possible: you take all the vital details that form your identity and you encrypt them (one way encryption, of course) and maybe encrypt that several times more. No feasible way to go backwards from an encrypted key to the original data that the key represents, you now have a magic key that only you can turn.
This is one of the many things that is wrong with the National ID Card scheme. We are going to be made to pay hundreds each to have a piece of card that makes your identity less secure. All the substantial benefits touted in favour of the scheme can be achieved with authentication, and some of the major problems can be avoided with authentication instead of identification.
Thanks to The Inquirer for this article which details how the details of passport applications of millions of people can be viewed online by a bit of simple URL tweaking (reminds me of the good old days of online games where session IDs consisted of an incremental number making it easy to hijack someone's session). What's more, it's been known about by the authorities for a year. So even before you receive your insecure RFID chipped passport someone could quite easily have received all your details anyway.
Beggars belief.
Beggars belief.
For some reason or another I was reminded of something I did when I managed Age of Chaos some time ago. The problem was I had set up a very crude instant chat facility in-game. It worked, crudely, but many kids would join the game, see it was text-based and a bit difficult and post things like "this game is so gay" "u r so gay" and so on. So all I did was add a regex to replace "gay" with "hard" in the chat window, et voila! "This game is so hard", "Err, I said hard not hard", "You are all hard". Minutes of fun were had.
As you were.
As you were.
We have myriad passwords to remember these days. Many people solve this by using the same or similar ones for many web sites, applications and whatnot. The problem with that approach is that if someone sees one of them you're at risk of them accessing things you don't want them to; like to your email, for instance.
The most dangerous thing for passwords is systems that store them as plain text. That means they are saved just as they are. If your password is "lemonjelly" somewhere in a database is the word "lemonjelly". Now imagine someone finds that out. If that is your password for a chat or game site and your email, it might be revealed to someone you'd rather it wasn't. And most game and chat sites also store your email address. So now they know your email and a password you use.
What they might do is try your game/chat password on your email site (say you use Hotmail, for instance). Would you be happy with the contents of your email account being viewed by this intruder?
Start each password with the same string of characters (let's say "c33p")
End each password with another string of characters (let's say "9nng9")
Put something in the middle that's easy to remember.
Use these examples, you might have
Using good passwords is especially important when you know a site is saving your details in plain text. You will know this for certain if you forget your password: if they send you a reminder of what it actually is, they've stored it in plain text. If they send you a new password they might have stored it in plain text anyway, but it's less likely.
But consider using KeePass or something similar to generate and store really hard password for you. It might be annoying to start with (having to copy and paste it in every time) but the peace of mind from knowing you have done a pretty good job of protecting your data is the pay back.
Oh, and don't let FireFox or IE store your password. That's asking for trouble...
The most dangerous thing for passwords is systems that store them as plain text. That means they are saved just as they are. If your password is "lemonjelly" somewhere in a database is the word "lemonjelly". Now imagine someone finds that out. If that is your password for a chat or game site and your email, it might be revealed to someone you'd rather it wasn't. And most game and chat sites also store your email address. So now they know your email and a password you use.
What they might do is try your game/chat password on your email site (say you use Hotmail, for instance). Would you be happy with the contents of your email account being viewed by this intruder?
What you should do
First, use different passwords on different things. Second, use something like KeePass to store your passwords safely. If you can't be bothered with the second option (KeePass is free, secure and easy to use), and you can't remember lots of very different passwords, try this method:Start each password with the same string of characters (let's say "c33p")
End each password with another string of characters (let's say "9nng9")
Put something in the middle that's easy to remember.
Use these examples, you might have
- c33pmail9nng9 - for Hotmail
- c33pdate9nng9 - for a dating site
- c33pgoogle9nng9 - for your Google account
Using good passwords is especially important when you know a site is saving your details in plain text. You will know this for certain if you forget your password: if they send you a reminder of what it actually is, they've stored it in plain text. If they send you a new password they might have stored it in plain text anyway, but it's less likely.
But consider using KeePass or something similar to generate and store really hard password for you. It might be annoying to start with (having to copy and paste it in every time) but the peace of mind from knowing you have done a pretty good job of protecting your data is the pay back.
Oh, and don't let FireFox or IE store your password. That's asking for trouble...
Road Tax is inefficient. It creates an easy to commit crime. It also penalises you for using your car less than others do. It's also inconvenient: paying a lump sump once or twice a year by filling in a form and queuing in a Post Office during working hours. Abolish it (for private & light goods vehicles) and increase fuel duties to recoup the lost revenue. The more you use fuel the more you use roads and the more you pay, which makes sense, right?
It also reduces Police and court time spent enforcing an archaic, regressive tax. It would also reduce the amount of people facing hefty fines for non-compliance - and these are more typically people who couldn't afford a hefty fine in the first place (hence they didn't buy their road tax). Additionally, people with overseas registered cars would be paying their way better. If you have, say, a car registered in Italy, you pay no road tax. What's the sense of that?
It also reduces Police and court time spent enforcing an archaic, regressive tax. It would also reduce the amount of people facing hefty fines for non-compliance - and these are more typically people who couldn't afford a hefty fine in the first place (hence they didn't buy their road tax). Additionally, people with overseas registered cars would be paying their way better. If you have, say, a car registered in Italy, you pay no road tax. What's the sense of that?
And raise tax allowances. Much simpler, and the most benefit goes to the most needy. In fact, the only thing the gubmint needs to do when it comes to budget day is work out how much less tax it needs and raise tax allowances accordingly. A £1000 tax free is worth a lot more to someone on £15,000 than it is to someone on £60,000.
It's also incredibly more efficient than a 12-page form, separate IT systems, separate rules and procedures. The savings in red tape costs can be passed on as well - by raising tax allowances even more.
And get rid of National Insurance altogether. Add a bit to basic rate income tax to cover the lost revenue, and raise tax allowances a bit to show the savings made in less administration. Currently, National Insurance creates a poverty trap: under a certain amount you pay nothing; over that amount you pay on everything you earn, which can leave you with less take home pay than if you were paid a quid less. National Insurance also represents an easy way to raise income taxation for gubmints by not so stealthy means. Get rid of it.
Imagine a scenario where the basic tax allowance reached £15,000. Anyone on a really low income would see 100% of their pay, and anyone of a really low income would need every penny they had earned. It makes sense, right?
It's also incredibly more efficient than a 12-page form, separate IT systems, separate rules and procedures. The savings in red tape costs can be passed on as well - by raising tax allowances even more.
And get rid of National Insurance altogether. Add a bit to basic rate income tax to cover the lost revenue, and raise tax allowances a bit to show the savings made in less administration. Currently, National Insurance creates a poverty trap: under a certain amount you pay nothing; over that amount you pay on everything you earn, which can leave you with less take home pay than if you were paid a quid less. National Insurance also represents an easy way to raise income taxation for gubmints by not so stealthy means. Get rid of it.
Imagine a scenario where the basic tax allowance reached £15,000. Anyone on a really low income would see 100% of their pay, and anyone of a really low income would need every penny they had earned. It makes sense, right?
Saw this Big Blue Day idea on the Greenpeace site when looking around for details about Japan's attempts to get the whaling ban lifted by bribing poor countries into voting with them at the IWC.
Anyway, it looks like a great idea to me and I figured I'd offer to help them with a web site to list the events on. They said yes and so I've bought the bigblueday.com and am determined to get an event listing up and running as soon as possible.
Any help from designers to turn a cruddy developer's idea of design into a decent looking site gratefully received!
Anyway, it looks like a great idea to me and I figured I'd offer to help them with a web site to list the events on. They said yes and so I've bought the bigblueday.com and am determined to get an event listing up and running as soon as possible.
Any help from designers to turn a cruddy developer's idea of design into a decent looking site gratefully received!
I was impressed with these screensavers from www.reallyslick.com especially the Euphoria one. Work nicely on single screen and dual screen set ups. Free, with ports for Mac/Linux too.
