Author: davehamby

A modern Merlin, hell bent for glory, he shot the works and nothing worked.

Categories
Holiday Letter

2014, That was the year that was

Duck and Horse

I’m doing something novel this year. I’m actually writing my holiday post in the year it is about. Usually, I keep putting off holiday cards and the the holiday post. This whole business got started in 2006 when I moved up north to Rhode Island and it became difficult to make the Thanksgiving and Christmas pilgrimages to visit the relatives. The 2 day drive from Newport was too long, especially with dog lodging and wee breaks. So I started a Facebook page and began writing the yearly letter to send out with Holiday cards. Over the years, the on-line community got larger and a good bit of it (second cousins) were mobile making it hard to send cards. The card list is down to 10 or so retired moochers.

I Joined the Retired Moochers

Medicare sets you free! In January, I joined the retired moochers. Several cousins had preceded me by retiring early. With the health insurance situation in the US, I felt compelled to work until 65 when I became eligible for Medicare. So I retired at the end of 2013 having given my employer a year’s warning that i was going to bail. I don’t miss work one bit. Since moving from Newport to Norfolk, my command had become increasingly dysfunctional, largely as a result of the location down the street from the real Navy but also as a result of some unfortunate choices of support staff. IT was trying to wag the dog in modeling and simulation and the security pukes were getting increasingly obnoxious, and I was becoming less connected to the product over the last couple of years.

Continue reading “2014, That was the year that was”
Categories
Greyhounds

Got-ya + 2 weeks

Nick and Missy Share!

Petting Out

I can’t brag on Missy enough. She’s been so easy after a couple of tense days while she was deciding we were keepers. Just 3 months ago, she was in a racing kennel at the Mobile Greyhound Park, a dim spot in the industry. After 40 starts, she was retired because she ran in mid-pack with no prospects for improvement. She received her pre-adoption health care in Mobile. From there she went to a Florida minimum-security prison to go through the Second Chance at Life foster care training program. After 2 months with her trainer in a dormitory environment, it was into a dog hauler for the trip to South Hill and by car from South Hill to Norfolk. Missy spent several hours with Old Dominion Greyhound Adoption. Sam and Gay Latimer looked after her for until I could hook up with them for delivery in mid-afternoon. She was pretty wary but eventually she was willing to load up for the ride home. We delayed delivery until after I had finished a morning engagement so I could stay with her to begin the bonding process.

First Days Home

Greyhounds bond with their new pack mates during the first two or three days at home. Until bonding is well underway, risk of a loose dog running off is pretty great so you can’t be too careful with doors, gates, and comings and goings during the bonding period. Missy pretty quickly decided she had it good and should keep Nick and I. The changes during the first 3 days were pretty dramatic as she dropped the shyness and learned the household routine.

Around home, she was uncertain of me and some spaces at home, especially the sally port into the back garden. This is a narrow area between the car port shed wall and the side yard fence that is about 3 feet wide and 5 feet long. She really didn’t want to go in there, probably a reaction to rough handling being loaded into the starting boxes at Mobile. Over the first week, this behavior gradually resolved itself with patience and gentle leadership on my part and lots of treats.

Missy and Nick

Missy and Nick hit it off pretty well. There’s been amazingly little indoor posturing on Nick’s part. For the most part he has been gentle with Missy and Missy has been comfortable with normal encounters in the confined spaces of a small mid-fifties modern hip roofed ranch. It is not unusual for there to be some telling off when a hound approaches a lying hound but she’s told Nick off only twice that I’ve seen and he’s not told her off. As you can see, they are both comfortable piling on the big Bowser life raft bed and will share my bed.

While I’m Out

I’ve let them have the run of the house unmuzzled while I’m out. I’ve tried to limit trips to 4 hours or less so we’re not testing Missy’s endurance limits. So far no signs of separation anxiety or unpleasantness during my absence. I expect this will continue as both are generally well behaved while I’m in.

The Back Garden

Missy likes to rip about with a ball or stuffy and actually plays fetch. Nick may be angling for a more dominant position while they are out in the garden. I’m seeing some posturing during chase play. If there is some tension, the dog in back will do some vocalizing and possibly some air snapping.

Missy will start play with a stuffy, Nick will get in trail and hang in for a few laps with some vocalization. Missy will entertain him for a few laps of the garden then turn out and tell him off. You can see this in this video. I pieced this together from short clips taken over the past two weeks. So far, no bickering matches and no evidence of teeth.

The catch is that most outings are calm and orderly. It is only when I get Missy spun up with a toy that this happens. Nick ducks out into the carport for a bit, screws up his courage, and emerges for this bit of chase. Nick is starting to feel his 8 years and Missy is still less than 3 and track fit. Fortunately we have 40 by 90 fenced so they can’t get going fast and are always in sight. I’m working on teaching them to come to me when things appear to be escalating. So far, so good.

Walks

During this period, I gently introduced her to walks in the neighborhood. You have to let them take things at their own pace. It can take a while to undo the harm of a scary encounter with common neighborhood hazards like children, other pets — especially those with rough coats who appear aroused to a smooth coated greyhound, charge the fence dogs (greyhounds are particularly sensitive to fence posturing), cats, the hoody shuffle teen, etc. So far, this process is going well but we are careful of when we are out and that we’re away from the bus stops when school buses are releasing packs of rowdy children. I’m also careful to alert folks at a distance that Missy is newly retired and may react to them. If I see ears go up, I get the dogs onto a yard and we watch whatever prompted the reaction pass. So far, so good.

After 2 weeks, Missy likes walking with Nick and Nick seems more confident with another hound at his side. This summer he was becoming shy about walks after being charged by a couple of loose dogs and an encounter with a nest of tracker-jackers (red wasps). Yes, one trial learning is possible. He avoided that street for a month. Missy was a bit uncertain out in the hood the first week but she’s getting pretty confident and will walk our two favored blocks (less dog posturing at the fence) relaxed and in a decent heel. When she’s concerned, she’ll constantly change sides and generally be obnoxious so I am glad to see this development.

Supper

Jennifer taught Missy table manners so we were off to a good start for my meal. Missy’s Delta Tau Chi nick name is Hoover. She puts her food down pretty quickly then shifts suction to Nick’s dish. Not a dog to free feed. Her idea of free feeding is “food is free so I should eat it all.” So Nick and I are working out how to feed Nick. What works best is to feed Missy first, then feed Nick while I eat. Missy is good about taking a place in the corner and staying to be fed treats once her supper has kicked in and she is feeling satiated. The hard bit is to get Nick eating again on a schedule. I’ve cut his ration a bit so he’ll eat it all and we all eat together (approximately) as described above. Fortunately, Nick is not shy about asking for seconds and only as needed. He maintains weight well.

Categories
Greyhounds

Missy’s Foster Mom

I thought I’d take a few minutes to introduce Jennifer, Missy’s trainer in 2nd Chance at Life’s inmate dog training program. Over the years I’ve heard stories about correctional institutes working with outside groups to introduce selected inmates to dogs and dog training. These stories have been favorable with good rehabilitation for both dogs and inmates. The rescue dogs get a chance to start a new life and the inmates experience the joy of life with dogs, learn compassion and responsibility, and dog training skills.

Missy came with the following wishes from Jennifer.

  • To never have to be scared again, to only be happy.
  • To have a big yard to run around and catch balls.
  • Lots of yummy treats and maybe even some peanut butter
  • A big, fluffy, comfy bed or to be able to sleep with you in yours.

Jennifer’s Letter

Jennifer wrote the following longer letter

Thank you so much for adopting this sweet, amazing girl. Im sure she will seem a bit scared at first but give it a little time and I know she will get used to you and trust you. You are going to be happy with her.

Her favorite thing to do is play catch. She has so much fun playing with toys and balls. That could be a great way to get her out of a fearful state.

When God chose me to train Missy, He is always right. God always knows exactly what’s good for everyone. He truly blessed me when He put the two of us together. She is a spectacular friend and her love is amazing. Get ready to laugh at her goofy personality. I am so grateful for the time we got to spend together.

I pray you are blessed even more than I was, and that was a lot. I pray you guys live a long, happy, and joyful life. A life filled with love and peace. For an abundance of blessings.

Thanks for being the greatest part of the Second Chance at Life Program. Without people to adopt the dogs we would be doing this for nothing. But you make it possible for these dogs to leave hear and go on with their lives the way they were meant to. To be the animals they were born to be. Also, you make the Second Chance available to us here in prison. 

Jennifer

PS: Please do not crate

Thank you, Jennifer

You did a great job with Missy’s transition from track life to home life. Adopting a greyhound is always an adventure and I’ve had some that were messy rooms when they came to me. But with patience, consistency, and creative use of peanut butter, most problems can be solved in time.

Lord Nick, Missy’s consort, is an outgoing adventurer originally lacking in emotional control. Easily frustrated, he spent his first year with me being a total delinquent. At the end of our first year together (his 4th birthday), the frustration behaviors came to a stop and he’s matured into a normal adult. Four years on, he’s as nice a male greyhound as you’ll ever meet.

Nick and Missy hit it off pretty quickly as Nick escorted Missy around the back garden and showed her the house routine. She amazed me by recalling at the end of day 2, sitting on cue at the end of day 2, and by actually playing fetch. I’ve only met two former racers that would play fetch and Missy is the second. You’ve done a great job at getting her started.

I know it is tough to give one up. Foster dogs have a way of coming to stay out in the world. She’s been a real joy. We both fell for each other pretty quickly. As you know, it takes about 3 days for them to decide to keep you and she’s done that. Your compassion and concern for Missy are touching and the notes that you sent along with her have proven invaluable to me in helping her bond and settle into the household.

It was invaluable to know that she liked to play ball. Saturday morning (day 2), Nick wanted out at 0600. Missy hopped up too so I took them both out to the back garden without putting Missy on lead. She played little miss spook for 2 hours while I went through every stupid human trick I could think of to get her to let me approach and put her on lead. Then I remembered the note about balls and ran in to retrieve this dodge ball sized red thing that is designed to squeak and to be carried. It had sat unused as Nick and Rhea totally ignored it for several years. A few squeaks and the game was on. I played fetch with her until she finally tired, flopped down into a submissive position, and let me hook her up. Since then, we make it a point to play fetch on each long outing.

That note and the caution not crate here were invaluable. When I have to leave them alone, I’ve been turn-out muzzling and baby gating them. They use the back bedrooms (mine and my study) when I’m out. They quickly settle and nap until I return. I don’t think I’ll need to muzzle them. I took the photo up top after day 4 morning turnout. They are already comfortable together in tight spaces!

I hope things continue to go well for you, that you have more pups to train, and that you have a successful return to the world when your term is up.

Dave

Categories
Greyhounds

Got Ya Day

Introducing Missy

She’s here!

And she’s a bit shy. But she had a pretty unsettling couple of days being loaded into a greyhound hauler for the trip to Tidewater, a few hours with Dominion Greyhounds adoption coordinator, then hand-off to me. The original plan was to do introductions at my friend Judy Schooley’s home, then take the dogs on home. Missy was so shy that I nixed that plan, stopped to retrieve Nick, and took her straight home. Of course, this was Friday, a mid-day beer tasting outing at O’Connor Brewing here in Tidewater with Judy, send Nick to Judy’s, drive to Gay’s to get Missy, then to Judy’s to retrieve Nick and home. We got in around 4 PM on Friday.

Missy loaded up without fuss. I put some treats in the way back, told her to kennel up, and she did. Nick crawled in the back seat of my Audi A4 Avant and snuggled up with the X-Pen that was in the foot well. The trip home was uneventful. Missy quickly settled down in the way back to watch the world go by. No words were said. No dirty looks were given. An auspicious beginning.

Homecoming

Once home, I brought both hounds to the back garden to meet. These things generally go easier when both dogs are off lead and have some room to move around. Missy and Nick walked around a good bit, Nick with Missy in tow as he showed her the back garden. Nick also introduced her to the back garden squirrels who are now picking pecans next door in a velociraptor free yard. Nick and Missy beasted one squirrel together then played a bit of chase. Nick was ready to go in but Missy decided to play hard to get. It took a good 30 minutes to coax her back in. She was shy of me and shy of the narrow back garden entrance. But after a half-hour of silly human games, I was able to get a lead on her and escort her in.

Nick settled right down while Missy toured the house. Eventually, she settled down and both goofed off until supper. Missy had not been fed before her trip north so she was ravenous. She ate her ration, then Nicks, then another two cups. A very full dog, she tossed the third ration up later that evening. For the rest of our turnouts, she went out on lead and dragged a lead to make her easier to retrieve.

Saturday

Saturday got off to one of those starts. Nick wanted to go out at 0600. Missy wanted to come along. I let her off lead, mistake! Two hours later, she finally let me bring her in. Same not quite sure of me or the back garden gate thing. But her Second Chance trainer mentioned in her letter that Missy liked balls. I went in and brought out this big red thick-skinned dodge ball that can be rolled but is ribbed to allow a dog to carry it. I rolled it across the lawn. Missy went after it, grabbed it, and began ripping around the yard having a grand time. When she tired, she was ready to be retrieved and go in. During the course of Saturday, she realized that the retired moocher life was not so bad. By evening, she came when called to be put on lead and actually sat on cue. She slept through the night.

Sunday

They change so much in the beginning. Missy and Nick trotted out into the back garden, did morning toilet, played some chase with the ball, and came in. I showered up for church with Missy paying special attention my bathing and dressing. Fortunately, shower doors open outward or I’d be chasing a wet dog about the house!

They both went out for pre-church toilet. Missy came right in and entered the house with minimal prompting. She’s getting the hang of this pet life pretty quickly. I brought them in and set up the baby gate with them in the two back bedrooms. Missy hopped up on my bed and settled down. Both were muzzled for some extra safety if someone stepped on someone and the stepped upon one took offense. It is rare for things to go to teeth in that circumstance but caution is wise in the beginning and during rough play.

By this point, it was pretty evident that Missy has decided to stay around. She’s sweet on me and on Nick and is a real hoot. She’s got the nicest ears and carries them half erect while she’s up and about and she is definitely playful. Nick has the running buddy he’s always wanted.

Categories
Greyhounds

Introducing Dancin Bahama

The new chaos unit is in a http://www.giveasecondchance.com halfway house beginning the transition from the working girl life to retired moocher life. According to Jennifer, her mentor, she is doing well with her house manners but is startled by noise. Not one to take to the Harbor Fest fireworks!  She’s expected to complete charm school in about 2 weeks and will be traveling to Tidewater Oct 16.

Thanks to her original owner, Peter Limer, for offering Dancer for adoption. Peter is a well respected NGA member and has campaigned a number of top gear dogs. He is well thought of in the industry and is regularly mentioned in NGA articles.

Dancing Bahama at her farm
Greyhound Data reports that Dancer had 40 starts, all finishing in the middle but off the back a couple of times. She was not covering her grocery bill so she’s petting out at 2 years 6 or so.

She’ll be my 6th retired racer. They’ve all been unique individuals and each one has presented his or her challenges. Dancer joins Lord Nick, also known as Nearly Headless Nick, Captain SLO (a story for another day), or Nick Nut. Nick fancies himself Alpha and can be a bit full of himself. But he’s acting like he’s ready for a best buddy. From her trainer’s notes and from her running style in her racing stats, Dancer is content to go along and get along. She didn’t have to be out front but was always in the thundering herd. I think she’ll be content to be Lord Nick’s consort. Lord Nick and Lady Dancer has a bit of a ring to it.

Messing around with available light

Categories
Web hacking

Hosting Options for Small Non-profit Web Sites

 

ODU Virginia Beach Higher Education Center

 

This spring, I enrolled my church in Google Apps for Non-profits. Being new to the process, we started with a Small Business Trial enrollment, then the non-profits enrollment, and finally, tying the two together.

Today, I started my second Google Apps for Non-Profits application, this one for Old Dominion University Institute for Learning in Retirement. ODU ILR is an almost all-volunteer run non-profit. We have two office staff that handle member enrollment, program registration, book keeping, and receive the member’s program fees for us. We have a web site, accounting system, member enrollment and course registration system, and do mass mailings. Most of these systems were established in the 1990’s and have become dated, especially our MS FrontPage and Juno.com E-mail.

Continue reading “Hosting Options for Small Non-profit Web Sites”
Categories
Web hacking

Google Apps for US Houses of Worship, Part 2

The Norfolk Hague

Google Apps for Non-Profits

Google offers its Google Apps services to qualified non-profit organizations. In the United States to qualify an organization must be either a

  • US IRS 501c3 corporation whose Employer ID number is registered as such in the IRS EIN database
  • An affiliate of a 501c3 corporation that has established an Group Exemption Number and has included the affiliate in the group.

To verify your status, Google checks the IRS database. If your organization qualifies, its records will include a group exemption letter like the one shown below.

Google Accepted IRS Group+Exemption+letter+formatThe annotations to the right show the information that Google requires.

Google Follows the Rules!

Back in the spring I wrote about applying for Google Apps for Non-profits on behalf of my church, Unitarian Church of Norfolk. Apparently, our application awoke Google and they have developed stricter guidelines for application processing. At the time UCN applied, UUA had established its EIN as a 501C3 qualified corporation but had not established an affiliated-organizations group number.

At the time, Google let UCN slide in to home. Since then, Google has expanded Google Apps for Non-Profits to the UK, Japan, and more. As the program has grown, they have become stricter about the rules. UC Boise attempted to apply in late summer of 2014 and was unable to find a way through the maze. Like most Unitarian Universalist churches, they were relying on their existence as a house of worship to provide tax-exempt status. They, like UCN, had not enrolled as an IRS 501C3 corporation. And the UUA has not established an exempt affiliates group.

UC Boise’s experience is that Google strictly requires one of two things.

  1. The church’s qualified EIN
  2. The church’s membership in a qualified group

Further, Google is requiring that this be verified electronically by query to the IRS database. They are no longer crawling submitted paperwork.

Becoming a 501C3 Corporation

The process is not complex but it will take a day or two of a member’s time to complete the IRS paperwork. The rub is that the IRS charges an $850 fee to process the application. This is a significant one time expense that would have a 1 to 3 year payback time depending on the number of Google Apps seats needed. Most houses of worship will want from 5 to 15 seats to cover employees and church jobs that need E-mail. Google Groups may be used to reduce the number of addresses needed. Google Groups is useful for church activities that don’t need to have an official voice. Most committees are better served by groups but minister, office, web admin, and the officers really should have E-mail accounts.

Two IRS forms are of interest. Form 1828 describes the regulations governing US houses of worship. Form 1023 is used to file to become a 501c3 organization.

Form 1023 includes the application, instructions, and fee information. The applicant’s yearly budget determines the fee with a break point at $10,000/year. Most churches will be above the break point and will incur the $850 fee (2014). The IRS estimates that it will take 8 to 16 hours to gather the relevant supporting information.

The wise church will apply for 501c3 status while its budget is below $10,000/year. Although not strictly required for tax purposes, membership has its advantages like free Google Apps for Non Profits.

 An Alternate Google Apps Approach

UC Boise has elected to use Google Apps for Small Business which provides similar features (but probably not the new Classroom product). Google charges small businesses $5/E-mail per month or $50 for the year prepaid. UC Boise has elected to establish 5 accounts, probably a workable minimum. Most congregations will want accounts for the following billets

  •  Minister
  • DRE
  • Office
  • President
  • Treasurer

It is good to have accounts for the Webmaster and Google Apps admin but these can be directed to the office. This design will cost UC Boise $250 per year. With a more robust 15 accounts, Google’s bill would be $75 per month or about the same as the phone service. This more robust provisioning would cover the rest of the officers, provide Google Apps and Webmaster dedicated accounts, and provide an account for the Volunteer Spot volunteer coordinator.

By way of comparison, $75/month is about the cost of high speed Internet service or telephone service for 3 lines from Cox Communications in Tidewater.

Why Google Apps?

The more astute moochers out there will quip that free services will do all of the stuff that Google Apps does. That is indeed true. Zoho does E-mail, Dropbox and Evernote support collaboration, YouTube is free, etc. Why Google? Generally, when a service is free, facts about the users are the product. Be sure you read the terms of service and understand the acceptable uses and what the provider will do with information derived from your activity.

UCN elected to go the Google Apps for Non-profits route because

  • 50 or so of our fellow congregations had blazed the trail
  • There is a single point of administration and control
  • All services can be UCN branded
  • Key services G-mail, hangouts, drive, YouTube, etc are increasingly integrated

 

Categories
Site changes Web hacking

New URL: Retired-Moocher-Dave.org

The New URL

Today, I finally took the plunge and gave this beast it’s own URL, http://reitred-moocher-dave.org. Those of you having davehamby.wordpress.com book-marked will find that you are forwarded to retired-moocher-dave.org. Please update your book-marks as Automattic makes no promises about how long the mapping will be maintained.

I registered the domain indirectly via Automattic, the fine folks who make WordPress and operate wordpress.com. Automattic still hosts the blog for me. For a simple, no-frills site like this one, it made sense to do it all with Word Press rather than registering separately with EasyDNS at retail. That route would have been a bit more complex and expensive. Word Press with a custom URL is $26/year. There will still be an advert at the bottom and I’m still restricted with respect to theme choice and plug-in choice but the stock 2014 theme and plug-ins meet my needs.

Continue reading “New URL: Retired-Moocher-Dave.org”
Categories
Personal Computing

Making Good Passwords for the Rest of Us

Every week brings stories of a new software exploit or corporate data breach in which user names and passwords are stolen. Security “experts” are advising us to make ever longer and more complex softwoods and to use unique passwords for each site that we visit. Why is this good advice and how do we go about making good but usable passwords? And how do we remember them all? I’ll attempt to answer these questions in this article in a way that is accessible to my retired buddies and family.

Why a User Name

There are lots of reasons to have a user name and password at sites that you visit regularly. Some benefit you while others benefit the site operator in a way that allows them to continue to provide the site’s service to you.

  • The site can provide personalized service
  • Some services are provided only to authenticated users having a standing business relationship with the organization (like your bank)
  • The site accumulates information that allows it to provide better services to you.

Some of these things can be done with or without an E-mail address using your home’s IP address as a substitute. Without an account, the site has no way of knowing which of several users at an address is actually visiting: you, your spouse, your 13 year old son? Without a sign-in, the site has to make somewhat general decisions about what to show you.

Why a Unique Password?

A password is a secret shared between you and the web site. When the user name and password pair are unique to the site, successful presentation of the user name and the associated password verifies you to the site and the site to you. You’ve shared that particular secret with only one web site. You each know that the intended party is at the other end of the line.

If login fails, you may have miss-typed the URL. Double check the URL before doing missing password procedures. It is not uncommon for unscrupulous operators to attempt to collect user name and password pairs by impersonating a site on a common misspelling of the URL.

Why a “Complex” Password?

The primary reason to use a complex password is to avoid well-known passwords or passwords composed from information known about you that an impersonator can obtain. This basically prevents an unscrupulous unskilled individual from committing theft of service or tampering with your relationship with the various sites that you visit. It is not intended to protect you from an organized and systematic attack.

Intelligence agencies and criminal syndicates make sophisticated attacks to break into web sites. One thing they try is to use statistically common passwords like “password12”. And surprisingly, they can make all the mess-ups like “pa$$word12”, “pas$word12”, etc. Most sites attempt to protect accounts against password guessing using several techniques.

  • Limiting the number of failed log in attempts in a time period
  • Increasing the delay between log in opportunities
  • Locking the account and requiring use of lost password procedures which involve different shared secrets.

How Passwords are Stored

Reputable web sites do not store your password. Rather they store the results of operating on your user name and password and possibly some well-known (to the site, anyway) other stuff to compute a hashed value. The addition of other stuff is called salting the hash or just salt for short. A hash function is a function that maps a string of data into another pseudo-random string. It is easy to compute the hash but prohibitively expensive or impossible to retrieve the original string from the hash because the hash function makes a many to 1 mapping. The hash is useful because the inputs that map to a given output are wildly different. No recognizable variation of the input string will give the same result as the correct string .

As a result, Google can not tell you your G-mail password. Google only has the hash. It is likely that the hash input and hash algorithm are designed to give different results when a common password is used with multiple Google accounts. Compromise of one account does not imply compromise of other accounts. Others may not be so clever or careful as Google.

What is taken in a break-in?

In many break-ins, the attackers gain the password database which is basically a list of user names with their hashed passwords. Many sites, especially entertainment sites, use a well known authentication process. Each such site produces the same hashed value from your E-mail address and password.

It is common for attackers to sell lists of user name password hash pairs. Today it is possible to break the hash to recover the original password. In other cases, the password list is stored in the clear and lists of user names with passwords are also available. Availability of these lists allow others to compromise your account to steal from you or to impersonate you.

What do I do?

To limit the consequences of password compromise and to authenticate my bank and broker’s web sites, I do the following.

  1. I use unique passwords for each site
  2. I use a password manager to store all my passwords
  3. I use a password manager that syncs password data among computer, phone, and tablet
  4. I chose the password manager carefully.

Making Unique Passwords

It is hard to make up good passwords. Choosing words myself generally results in using words associated with me, my interests, or my experiences. They’re not really random. Same with numbers. They’re usually the last 4 of an ancient phone number.

Instead, I use dice ware to make good but easy to type passwords whose parts are chosen randomly. Dice ware is a word list used with a dice cup and 5 dice. Do use real dice as computer random number generators are “pseudo-random”. That is, started with a seed, the random number generator will always make the same sequence of numbers. Which is to say, that they’re not random, they only appear to be. You can’t guess the next one given this one but you can reset the seed and recreate the sequence.

For web sites, I use three rolls to pick two strings (usually words) and a number. Each roll has 6 to the 5th power outcomes that are independent so there are 6 to the 15th power outcomes. Two rolls select a word from the word list. The advantage of the dice ware technique is that two words and a number stick in short term memory long enough to allow them to be typed easily yet the search space is big and fairly random. And you will come to remember those you use frequently. And there is nothing about the passwords that suggests you are using dice ware to make them. The dice ware word lists are available for a number of languages in addition to English that use the Latin alphabet.

Most sites will hold a password made this way. The troublesome sites are those that have a high complexity requirement but short string length. It is difficult to produce easily remembered 8 character passwords that have 2 digits, 2 punctuation, and one or more caps. You’re down to 4 letter words or going random. Also troublesome are sites that don’t tell you the maximum password length. These sites are truncating your password so the numbers, caps and special characters can be lost if they’re near the end.

Remembering 200 Passwords

I can’t do it. I don’t think computer security expert and ace cryptographer Bruce Schneirer can do it. So I use the OS X/IOS built in password manager and commercial product 1Password. The built in pass word manager works in the web browser and stores passwords in the OS X key chain. It can also store your SSH keys (for geeks) as of Mavericks and is synchronized via iCloud as of IOS 7.

I keep everything in 1Password also because I can use 1Password to keep track of security questions and responses and other information about the site and my relationship with the site that Key Chain will not store. As of IOS 8, applications will be able to ask 1Password for data. Agile Bits explains this interface and the actions they’ve taken to prevent misuse in their blog.

1Password never gives anything up without you authenticating using your 1Password master pass phrase. I have a good one that I can remember that I made using Dice Ware. It is guess proof.

The folks at 1Password understand cryptography and know how to build secure cryptographic applications. All 1Password data is protected using AES256 encryption and care is taken that the plain text and cypher text are not left lying around in memory.

Categories
Web hacking

Web Scale Software Challenges for Lay Folk

An Example

This post grew out of a chat with Jae Sinnett, a great jazz drummer, composer, band leader, and music educator here in Tidewater Virginia. Jae likes to write essays about jazz music and the joys and trials of being a working jazz musician. He publishes these on Facebook and he writes well and at length. But Jae’s essays often come out as a single block of text with the paragraph breaks missing.

Thinking Jae had not discovered the secret sauce for getting Facebook to create a paragraph break, I commented on a recent essay to describe the shift-return technique. It turned out that Jae knew this technique but that it worked or failed at random. What could be going on?

Continue reading “Web Scale Software Challenges for Lay Folk”