Category Archives: General

4713 – Happy New Year

To all my Chinese friends and colleagues: another year has gone by, and everybody in China is going back to where they came from for the annual reunion, which is one of the biggest moves of the modern age.

This year China isn’t on the program for us; you can expect some photos from Croatia, Norway and Poland. Sunny wants to go to Japan as well and I still would like to visit Australia again one of these days. Maybe move house as well, we will see.

Ordered one

Dear Eugene,

Order time: May 30, 2012 7:34 AM

Order ID: xxx16xxx.

Your pre-order from Leap Motion has been confirmed. Note that your credit card will not be charged until your order has been shipped. We will notify you by email as soon as the devices are ready to ship.

Once we are ready to ship the Leap, you will receive an invoice and tracking number for the package.

If you have any questions about your order, please contact support at leapmotion.com.

Thanks!

One week later… (continuation of previous post)

…(and three conversations and a couple of mails richer)

One of the very few posts that got remarks, the majority being mailed as the website is in a closed format unless you have an account. Only commented on them until Monday.

For most I would suggest visiting the link again, as Steve made some changes to the page, and especially listening to the audio link in the middle of the page. If you have the time available, listen to the last half of the Security Now podcast episode 304, as Steve also revisits password haystacks. Just reading the page might do it, but the idea and scope behind it are explained better if you listen to him.

A few other notes based on what I’ve received:

Q: A password like you create on Steve’s Perfect Password page is in my opinion much stronger than a haystacked password.
A: I agree, but who can remember such a password? With the right choice of password and padding you should be able to create something that comes at least close to it without the need to write it down somewhere. The perfect password generator still has its uses, especially for service-related accounts in business environments or other uses where you don’t need to use a password frequently and safe storage facilities are available, as such passwords have to be recorded somewhere. Or reset the password with every problem/incident you have, if that is needed for troubleshooting purposes; in that case only the dependencies need to be known, not the password. The latter would be the safer method from a password point of view.

Q: I don’t want to use a long password.
A: Your choice, but in my opinion a wrong one. Although you cannot guess a part of a password (there is only pass or fail), in the end the only strength is length. In case you really want to use a short one, stay away from all obvious things as they will always be tried first. Nowadays most passwords I see have one of the following formats: Password99 or P@ssword, so stay away from the obvious. The changing of certain characters is also easily anticipated (! for 1, @ for a etc.) and can be considered part of a dictionary, which will be tried in front of a brute force attempt. Still, a short password will fall very quickly in an offline brute force attempt no matter what complexity you used, so it only provides delay in an online scenario, depending on the bandwidth available. Here is a suggestion from somebody else that might come in handy: take the first or last letter from the words of a sentence you know well and use that as the base of your password, make sure all four different types of characters get in there, either by replacing some characters or by adding something in between (a small haystack), and make it as long as you are willing to live with. Keep in mind that the average password length at this moment is about 7-10 characters and this is what will be tried first as well. This also goes for the average mix of characters being used, say 50% lowercase, 20% uppercase, 20% numbers and 10% other.

Password haystacks is just a mechanism for you to remember longer passwords and it’s up to you to make them in such a way. Also try to stay away from the obvious, and this includes patterns like smileys, which work well for illustration purposes but, if everybody uses them, will not be ignored by “the bad guys” either. All other advice about passwords still applies, of which the most important points are to change them on a regular basis and never to use the same password in more than one location. Internet (and even non-internet) based services do get compromised and “the bad guys” (as Steve calls them) do get their hands on your data through backdoors/exploits or simply human error; it’s up to the owner of such a service to provide protection, and they determine the level of protection your data gets. At the moment of writing there most likely is somebody going through 77 million accounts and you had better hope that the password entries and credit card info in that stolen database were protected in some way, and not just by a single hash/password (or worse, nothing at all). So in short, make your password long but memorable/usable, while for somebody else it still looks like some piece of gibberish that makes no sense whatsoever. Creativity rules here: on a US keyboard you have 90+ choices per character for your password, so go wild. On international layouts there are more, but depending on where you spend your holidays you might lock yourself out by not being able to type your password (think of ñ, ö, ç etc.). Also, not every website allows these. If a website has limits, like only allowing certain characters or not allowing more than a certain length, you might want to verify with their support department how they store your password, as these are indicators that there is no protection on them.
There was one person who said he’s using it to write down passwords, so unless you know where to start it is hidden somewhere in there. I doubt it is such a good idea, as only the start position and length need to be guessed if he ever loses his paper, especially if the username and site are noted down as well.

Secure passwords

We all know and use secure passwords, right? We also know that a password needs to be secure, and that the longer and more complex the password is, the more secure it will be. The problem is that remembering these passwords is not always that easy. Then I was listening to a podcast called ‘Security Now’ and somebody with the name Steve Gibson said something about easily rememberable yet still secure passwords. Read the following link: https://www.grc.com/haystack.htm if you want to know more about this. Essentially you can now create long passwords which are still easy to remember, as the attacker has no idea what you’ve used. I still recommend a bit of creativity in your easy but still secure password. Something like ‘##########COFFEE----------’ might be considered very secure but still can be guessed by somebody looking over your shoulder. The above-mentioned password supposedly takes over 6 centuries to guess, while something like ‘W@nD3R!ng’ is guessed within 2 hours. This should start you thinking…
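
An added example, not part of the original posts: a small password audit that applies the two points made above, namely that anticipated substitutions and trailing digits fall to a dictionary before brute force starts, and that otherwise the cost is set by alphabet size and length. The word list, the substitution table and the guessing rate are assumptions made for illustration.

```python
import string

# The four character classes the post refers to: 26 + 26 + 10 + 33 = 95 printable ASCII.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")
# Substitutions a dictionary run already anticipates (assumed, illustrative set).
LEET = str.maketrans("@!130$", "aiieos")
# Constructed stand-in for a real word list.
SAMPLE_WORDS = {"password", "wandering", "coffee", "welcome"}
# Assumed offline guessing rate in guesses per second; not a figure from the post.
ASSUMED_RATE = 10 ** 14


def alphabet_size(pw):
    """Size of the alphabet a brute-force run must cover for this password.
    Characters outside printable ASCII are not counted."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))


def search_space(pw):
    """Number of candidates of length 1..len(pw) over that alphabet."""
    a = alphabet_size(pw)
    return sum(a ** k for k in range(1, len(pw) + 1))


def dictionary_derived(pw, words=SAMPLE_WORDS):
    """True if undoing common substitutions (and trailing digits) yields a word."""
    plain = pw.translate(LEET).lower()
    stripped = pw.rstrip(string.digits).translate(LEET).lower()
    return plain in words or stripped in words


def brute_force_hours(pw, rate=ASSUMED_RATE):
    """Worst-case hours to exhaust the search space at the assumed rate."""
    return search_space(pw) / rate / 3600


def audit(pw):
    """Dictionary check first, brute-force cost second."""
    if dictionary_derived(pw):
        return "dictionary-derived: falls before brute force even starts"
    return (f"alphabet {alphabet_size(pw)}, length {len(pw)}, "
            f"~{brute_force_hours(pw):.3g} h to exhaust")


if __name__ == "__main__":
    for pw in ("Password99", "P@ssword", "W@nD3R!ng", "##########COFFEE----------"):
        print(f"{pw!r}: {audit(pw)}")
```

At the assumed rate the nine-character example is exhausted in under two hours, while the padded one uses a smaller alphabet (59 instead of 95) and still has a search space many orders of magnitude larger, purely because of its length.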


The weather is fantastic… Not.

I’m glad it was the holiday season. The weather was such a drama that the car refused to get off its parking spot. For the last two weeks it was an on-and-off choice to either work from home or use the train. The train takes about half an hour longer due to the time lost getting to and from the station; otherwise it would equal the car. The advantage is that you can do things besides driving, as that is the benefit of being a passenger rather than the driver. The disadvantage is that NS had issues with its trains during this time as well. Thankfully I never suffered from the consequences: trains were reasonably on time and, due to the distance, I always have two options to get home, taking different routes. So when a bridge didn’t close anymore, I simply took the alternative route, which got me on trains without WiFi but which take about the same time to get to the office. WiFi? Yes, the Archos 70 I’d ordered was indeed already waiting for me when we came back from China, and it is the thing to use in public transport. Read through a number of books in the last two weeks, that was nice. But I’m glad the weather improved to a point that the snow has now melted and I can take my car again tomorrow. And of course Happy New Year to everybody, and may we have a nice and warm summer this 2011 to compensate for the December cold.

Two weeks to go

And our Chinese adventure is a thing of the past. After arriving here in September it is time to go back home for Sunny as well as myself. This is also the first article in a long time, which simply was due to not having much time available for this. After the last article before my visit to China I went back to my previous employer. Moved one of its headquarters IT-wise, together with a whole team. The latter took quite a bit of time and many a weekend was spent in the office to get it running in time. Many battles with all kinds of new hardware and software, a lot to learn. The Honda was bought for a reason, as the Mazda was in bad shape; it also moved quite a few servers in the end. But Sunny got a bit upset during that time, which in short ended up with us being in China now for close to three months and me shedding all the accumulated days off from the last two years. I do appreciate my employer for allowing this and letting me use their offices in Beijing. The new way of working has its advantages, although it was stretched a bit far this time. I doubt it will have any repeats, either by myself or others. I do hope there will be more time now to add a few things every now and then again, compared to the last two years. There are still a few unfinished things which need completion, so if you find any stories in between September 2010 and January 2009 it only means that I had the time to finish them. Next week we will be in Hainan (where it is 20 degrees warmer at least) and so far in the days off we’ve been visiting Chengdu, Datong, Taiyuan, Tianjin and surroundings, as I can no longer remember all the names of places I’ve visited. Maybe I’ll add some entries on those in the near future. Also, the photo album which wasn’t working has been repaired and later on the password script will be modified as well. These all stopped working with tests on this environment a little over a year ago, but I never took the time to fix them.
So if you still have your username and password you can log on again. No new photos were added either, so at this moment there isn’t anything new to be seen. I will add all the photos of the last three months before modifying the password change script, so when you receive an e-mail the photos have been uploaded as well.

Pics from the previous site

  • Windmill in ‘Zaanse Schans’, one of our country’s most popular tourist destinations. Picture taken in 2005 when we visited Zaanse Schans.
  • Pagoda in a park near the office at that time, as the business unit moved to another location later on. Taken in 2006.
  • Statue of an elephant in Black Bamboo Garden, Beijing. Taken during our 2006 holiday.
  • Picture taken in the Stone Forest near Kunming in Yunnan Province, China, during our holiday in 2006 in that region.

307313 – Time for a new adventure

Don’t worry, still have the car. I just changed jobs: this was the last day with my current employer and tomorrow will be the start with the new one. So no more travelling abroad, and the amount of spare time will also increase a lot as travel time will be cut down considerably. The new job will keep me closer to home, which is a nice thing since traffic in Holland is becoming more and more of a disaster during rush hour. It will save me about 1.5 to 2 hours per day. Makes Sunny a lot happier as well, the same with travelling abroad, as she doesn’t like to be alone in our apartment. How this new adventure will unfold I do not know yet. Different environment, different challenges… Tell you later, I guess.

My own (cheap) VMWare ESXi box

Before ESXi was released as a free product I ran the full-blown version for testing purposes on an old HP Desktop, a model which quite a few people used to run ESX 3.5 on, just reinstalling the product every 60 days. The main disadvantage was its power consumption with the P4 2.x – 3.x processor in there. Mine ran close to 100W continuously. Until then I was running two MiniITX based systems which consumed about 45W~50W each, but both of them were getting close to three years of running time (continuously). And as this one was supposed to run continuously as well, I thought it would be nice to cut down on power consumption by building a new solution, but didn’t want to spend too much. I wanted to keep the budget below € 500,– for something that will hopefully last me three years; this was less than what I spent on the previous MiniITX solution. After investigating what was supported by VMWare and what was in stock at my favourite IT shop I decided on the following:

Asus Vintage V2-P5G33 barebone which supports up to 8Gb of memory and has an ICH9 SATA chipset, an Intel Core 2 Duo E6550 2.33 Ghz processor, a 1Tb Samsung drive and 2*2Gb of memory (added 2*1Gb which I already had) and, as the onboard network card was not supported, a 1Gb Intel network card. Well within the set budget.

After piecing it together, migrating the domain from the two previous servers and the HP Desktop, and adding a few other virtual machines which came from the existing ESX Desktop, I looked at the power consumption, which was about ~85W. It will not pay for itself through the electricity bill, but I’ve got something that will run for the next three years again. Just in time, as one of the MiniITX boxes finally caved in: the power supply died and the processor fan was making noise. The other one will be converted into a backup solution later on.