Withdrawl from Tech

I’ve just come back from illness and it was a lot of time spent not being able to log in. Initially I was too out of it to connect, but after being admitted to hospital and getting the appropriate treatment I found that the cannulas in my arm caused me a distinct inability to type. This meant for 5 days I found it extremely difficult to type or even use the mouse. Five days of not logging in found me sleepless at night wondering how many emails were piling up and what issues may be creeping into my server configuration. Fortunately for me the emails were simple enough to deal with and the server configuration is robust enough that it lasted the five days. I’m really not sure that I want to have to live without my connection again. I might even go so far as to say it was the worst part of the illness. Are you the sort of person who can’t go without logging in ? How long have you been away from the net before you’ve been compelled to check you email, Facebook or Twitter feed?

DARPA seeks to free the world from passwords | ExtremeTech

Trying to remember complicated “secure” passwords may be a thing of the past if the Defense Advanced Research Projects Agency (DARPA) gets its way. The research arm of the US military is putting a call out to developers to begin work on software applications that will allow a computer system to identify a user by analyzing the way they type, instead of using the traditional password method. A novel idea that has its roots back when Morse code was the de facto standard for communications across the world.

In the early twentieth century, experienced Morse operators had distinctive traits to their signaling, called their “fist,” that would help to confirm their identities to people familiar with their style (i.e. Allied or German forces trying to crack radio communications). Think of it as handwriting identification for sounds. For example an operator could by habit elongate an individual character or word, or hang for a certain amount of time between words. Just like your middle school teacher could tell when you forged a note from home, Morse operators could tell when a message was coming from a person they usually dealt with or from a new person in the loop. This was also used to rate an operator’s transmitting skill. If they had clean messages that were easy to copy they were called a “Good Fist,” but if they transmitted poorly and made life hard on the receiving operator they received the label “Bad Fist.” DARPA is looking for a similar identification method for computers; it wants terminals to be able to identify your fist and use that as a pass phrase rather than having you create insecure passwords that are easy to remember.

The idea’s theory rests on the study of something called “keyboard dynamics.” Researchers at Carnegie Mellon University have observed people’s typing habits, and have identified that the methods of motion we have developed are not controlled by deliberate thought, but through learned motor controls. Their studies conclude that a potential hacker or thief would have a difficult time cracking and emulating your style, and that it would be more than capable of providing secure access to sensitive services.

Fingers on keyboard… (to buy Cyber Monday specials)The problem with passwords in this age of high connectivity is that phrases that are considered secure are usually very hard for a person to remember. “6tFcVbNh^TfCvBn” is an example of a password that passes DARPA’s security check, but would be a nightmare to try to commit to memory. This leads users to either create simple combinations of numbers and letters that are significant to their lives, or to put the complicated passwords on paper. Of course, both methods are incredibly insecure, but add in the fact that the average user uses the same password for everything (you do have unique passwords for all your services right?) and you have a security nightmare on your hands.

While I am all for creating a way that I don’t have to remember every single password for all the services I use, I am a bit skeptical about how long this method will actually stay secure. In my experience, there isn’t a security scheme in the world that hasn’t been cracked or duped in some way. Take for example the famous Life Lock case, where the CEO put his Social Security number on billboards around the US, claiming that no one could steal his identity. It took about two months for several individuals around the internet to crack and harass the man with junk mail, credit card applications, and Viagra samples. My question is how would this identification system stand up to a simple keylogger? It’s pretty simple to be able to record keystroke timings over a long period of time for analysis then emulation, so what kind of security would be applied in conjunction to make sure that it’s you and not some other punk trying to get your info?

A password perhaps?

Read more at The New York Times or DARPA

via DARPA seeks to free the world from passwords | ExtremeTech.

A “real” user proves Windows 8 fails on the desktop | Geek.com

I’ve just finished watching the video for geek.com’s post of blogger Chris Pirillo’s dad and I have to say. I installed the developer release of Windows 8 and it appears that nothing has changed in Microsoft’s development plan for this iteration or their iconic OS. I echo the call of Pirillo’s dad when he says “Are they trying to drive me to a Mac!” Check out the video at geek.com.

With the release of Windows 8, Microsoft is attempting to change the way we interact with its operating system by introducing the Metro interface. The problem is, they aren’t just stopping at pasting a touch-friendly experience over the top of the more familiar Windows desktop. Microsoft has also broken the classic desktop experience in the process.The main issue? By default the Start button has disappeared. Anyone using the Windows 8 Consumer Preview check out our 5 days with Windows 8 feature is either figuring out how to work around that, or Googling to find out how to re-enable it.The thing Microsoft seem to be overlooking is the fact they already dominate in the OS market. That’s a great position to be in, but also comes with a few must-haves whenever a new version of said OS is launched. Top of that list is familiarity.Microsoft has introduced Metro because of the growing popularity of devices with a touch interface. However, that doesn’t mean millions of users will stop using PCs and laptops that don’t feature touch interaction. And yet, the classic desktop has lost the one feature everyone knows is the interaction start point: the Start button.The video above proves this. The person sitting at the computer is Chris Pirillo’s dad. Pirillo is well known for being the founder of Lockergnome. He decided to film his dad using Windows 8 for the first time to demonstrate to Microsoft the issue, and it clearly shows an existing Windows user struggling to do anything. He isn’t a power user, but neither are the majority of Windows 7/Vista/XP users.The message this video clearly sends is that Microsoft is at risk of alienating their existing user base due to a lack of familiarity. The good news is, they can easily solve the problem by reintroducing the Start button and adding a few more hints about how to switch between classic and Metro views. But will they?

via A “real” user proves Windows 8 fails on the desktop | Geek.com.

SOPA: Jan 18 Blackout

I was perusing Facebook and a friend found the following site that had collected a list of sites confirmed for the Jan 18 protest blackout.

Confirmed Sites

The list is very long and containsStop SOPA many notable sites. Several of these sites are regularly visited by myself. These include the Mojang, reddit.com, GOG, the Cheezburger Network and Boing Boing.

If you’d like more information on the SOPA blackout check out the following article;

Sopa blackout set for january 18th. Heres all the info 2012 01

and make sure you contact your political representative.

 

Linux turn OFF password expiration / aging

I’ve spent a bit of time setting and resetting passwords. The following article from nixcraft shows us how to  set this to custom settings.

/etc/shadow stores actual password in encrypted format for user’s account with additional properties related to user password.

The password expiration information for a user is contained in the last 6 fields. Password expiration for a select user can be disabled by editing the /etc/shadow file

However I recommend using chage command. The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

To list current aging type chage command as follows:

# chage -l username

Output:

Last password change : May 22, 2007

Password expires : never

Password inactive : never

Account expires : never

Minimum number of days between password change : 0

Maximum number of days between password change : 99999

Number of days of warning before password expires : 7

To disable password aging / expiration for user foo, type command as follows and set:

Minimum Password Age to 0

Maximum Password Age to 99999

Password Inactive to -1

Account Expiration Date to -1

Interactive mode command:

# chage username

OR

# chage -I -1 -m 0 -M 99999 -E -1 username

via Linux turn OFF password expiration / aging.

Go to top
%d bloggers like this: