Today we hauled my trusty Lexmark 4039 off to recycling. Unfortunately its paper handling was shot, and parts and documentation for that model are nearly impossible to find. I found the alleged service manual, but couldn’t make enough sense of the documentation to fix it.
Password pain
ChannelInsider bemoaned bad password policies and practices late last week.
It’s a problem. Security (unfortunately) is my specialty, so I know it’s a problem. But it’s going to get worse before it gets better.
There was an old User Friendly cartoon where a helpdesk operator spitefully changed an annoying user’s password to something like !Qoh&32;[. Unfortunately, we’ve gotten to the point where the industry-standard password policy requires users to have passwords like that–only twice as long.
Let me tell you about one of my clients. Their policy is especially draconian. The passwords have to be at least 15 characters long and have two uppercase, two lowercase, two numbers, two special characters, and two umlauts (OK, no umlauts required), but then they add some other restrictions on top of that. These restrictions make the passwords considerably harder to remember, but they also significantly reduce the number of possible passwords (which is why I won’t disclose the restrictions–and no, I won’t disclose the name of the client either). So the end result is that the passwords look really secure, but really aren’t any more secure than the 8-character passwords they were using a few years ago that had fewer restrictions.
There are several unfortunate results to this situation. One is that it takes several days to come up with a decent password. As a result, passwords get passed around. “Does anyone have a password that works right now?” is a common question I hear. Yes, passwords get passed around. Or, slightly less worrisome, they become collaborative works. Someone hands over a slip of paper with something cryptic like 1977-22@MINal.296 written on it and wants to know why the password policy rejects it. If the first person can’t figure it out, someone else looks at it.
Personally, I think if that password had more umlauts, it would probably get through the policy. But that’s just me.
And then the password age keeps getting ratcheted down. It takes almost 30 days to memorize these stupid things. But by then, the passwords expire and the whole cycle starts over again.
Ultimately the solution is going to be ever longer and ever more complex passwords with ever-shorter lifespans. Maybe 32 characters long, with four upper, four lower, four numbers, four special characters, and four foreign language characters (stuff you have to type by hitting ALT and a four-digit keycode on the numeric keypad). I hesitate to say this, because someone’s going to think that’s a great idea and adopt it. So maybe I should patent the idea to prevent that from happening.
And the result will be ever greater resentment, more password sharing, more passwords on sticky notes attached to keyboards and monitors, and even greater willingness to exchange a password for a piece of chocolate.
Loosen the restrictions a bit, cut users a bit of slack, educate them on the importance of good passwords, and the result can only be greater security. Until then, things are only going to get worse, on all fronts.
It’s too bad Secure Channel didn’t think of all that.
Running a marathon with no plan
Yesterday I commented on a popular financial blog about using a debt snowball to pay off debt. Another commenter said she would never use such "psychological aids" or some other derisive name, if she ever found herself in debt.
I commented back, saying she could call it whatever she wanted, but I’d call it what it is: a plan. And if you’re going to pay off debt, you either need a plan, or some phenomenal luck.
Just deciding to pay off debt without a plan is a lot like me deciding to run a marathon. A couple of people told me I’m pretty quick running short distances, so hey, I might be able to win, right?
Well, every time I’ve tried to run long distances, I took off and usually built up a pretty nice lead early on. But since I didn’t pace myself, not only did I fall behind, but usually I was struggling just to finish. What about winning? In my dreams, maybe.
And that’s why the debt snowball works. It sets a pace. Follow the plan, focus on just the next month rather than on the big numbers, and whether it takes you six months or seven years, you eventually write that final check. And then you’re debt free.
Sure, you can argue about which debt to pay first and all that, but it’s just details. Do it wrong, and you pay your debt off a month or two later than if you do it optimally. That’s not so bad. You still save thousands, whether you do it right or wrong.
My critic said she got out of debt by selling a condo she’d been renting out. That’s great for her. Unfortunately, five years ago I didn’t have a condo to sell. I still don’t. And neither do most people.
I could have waited for a windfall. But if I had, I would still be in debt.
A serious case of one-downmanship
While researching nLite (I’m thinking about rebuilding a PC), I found a page about two Germans exploring the true minimum system requirements of Windows XP.
I won’t spoil the ending, but one of them managed to accidentally discover the world’s slowest Pentium.
I used to enjoy that kind of tinkering but really don’t have time for it anymore, especially when you’re talking boot times of 30 minutes.
At any rate, it was very interesting to see what these two tinkerers could do, even if I’m not too keen on running XP on anything less than about 1.5 GHz these days. I run a Pentium D system at work, which probably runs around 2.6 GHz, and it’s a slug. But that’s probably mostly because they insist on foisting Office 2007 on us.
But sometimes that work PC feels like one of the PCs on that web site must.
Review: D-Link DSL-2640B
I’ve had DSL for right around 10 years. I would have ordered it sooner, except it wasn’t available in my area any earlier than that.
Over the years I’ve owned several modems. I started out with an Alcatel, then after I moved a mile down the street I owned a couple of different Speedstream modems. Each would drop connections every so often, and each had a different (and undocumented, of course) ritual to get it back online.
The highest praise I can give to the D-Link DSL-2640B is that I haven’t discovered such a ritual yet. If the phone line and electricity are working, it finds a way to stay online.
There’s nothing especially flashy about the 2640B. It’s an unassuming black and silver box, similar in styling to modern PCs, with jacks in the back. It’s a combination modem, gateway, and switch in one package, so in my case, it replaced two boxes–my Speedstream modem, and my Linksys WRT54G. Many ISPs have been distributing all-in-one units made by companies like 2wire in recent years; the D-Link is similar to those, but a bit smaller than many of them.
Setup is trivial for someone who’s set up devices like my old Linksys. Those who’ve never done such a thing may need assistance. I can’t vouch for the quality of D-Link’s customer service because I didn’t need it. Before I plugged the unit into my phone line, I plugged a laptop into the D-Link, brought the two units over to my desktop PC where I brought up my Linksys configuration, and I checked all my settings against the Linksys. About 10 minutes later, I plugged the D-Link into my phone line, it connected to my ISP, and it’s been online ever since.
The nicest feature is its ADSL information screen. It tells me the modem speed (downstream and upstream), number of errors, and other diagnostic information. I’ve seen my speed range from 1.5 megabit to as low as 256K (upstream stays steady at 384K), but it’s never dropped. I’ll take speed fluctuations over dropped connections any day. If the quality of my phone line deteriorates any further (or maybe I should say, “when”)–I’ll be armed with some good information. Southwestern Bell/SBC/AT&T have always been able to dismiss my complaints in the past. I imagine that’ll be harder to do when I can tell them exactly how many tens of millions of downstream errors I have, versus 96 upstream errors.
Despite those connections, the modem keeps on trucking. I’m impressed.
My sole complaint is that the DynDNS client doesn’t pass my domain name to my internal network. I had to put an entry for my DynDNS name into my hosts file. This won’t be an issue for anyone who isn’t running their own web server, but it’s a little aggravating for those who do. Less aggravating than a dropped connection though.
So if you need a new DSL modem for whatever reason, I recommend the D-Link DSL-2640B. It isn’t flashy, but it works and keeps working.
Update 10 October 2010: I’ve been using this unit for about 15 months, and it’s still going strong. So I can recommend it even more strongly than when I wrote this. It’s out of warranty now, and I didn’t even notice.
Firefox vs. Chrome
I used Google Chrome this week while I waited for Firefox 3.5.1 to come out. I like both browsers but still prefer Firefox by a slight margin. But Chrome is nice to have for those times when Firefox has unpatched vulnerabilities.
Popups: Chrome wins hands down. Firefox doesn’t block all popups, but in a week of using Chrome, I had zero popups. None. That was nice.
Searching: Firefox wins. Most people don’t mind hitting ctrl-f to search, but I’ve grown used to Firefox letting me search by hitting the / key. It’s faster and easier and now that I have the feature I hate not having it.
Blinky crap: Firefox wins. I can disable animated GIFs in Firefox and I can use Flashblock. Maybe I can get Chrome to disable animation too, but I know where to look in Firefox. Firefox will stay near and dear to me as long as it lets me block all that blinky crap.
Speed: Chrome runs Google Maps and the new Yahoo mail faster and on a marginal PC it scrolls text a bit better. But I think Firefox finds sites faster. Both are much faster than IE though, and after suffering through 8 hours of IE at work every day, either one is heavenly.
Search bar: If all you do is search Google, Chrome is better. I routinely search Amazon and eBay, a lot. Chrome’s way of doing it is clumsier than Firefox even though it uses less screen space.
Frankly I like both browsers but I’m glad to have Firefox back. I may find myself alternating between the two based on whatever I happen to be doing.
Modem madness
Well, the 2wire modem experiment is officially over. I broke down and ordered a D-Link combo router/modem/WAP today. I rely heavily enough on my Internet connection to justify having something with a warranty and at the beginning of its lifecycle.
After a bad experience with a D-Link switch a few years ago I would have preferred a Netgear unit, but the Netgear equivalent is getting hard to find. There’s a draft-N version of the Netgear out there, but I don’t need that capability, and prefer to buy mature technology anyway.
So we’ll see how the D-Link goes. I’ll post a full review after a few days with it. Decent reviews of that kind of equipment are very hard to come by.
Yes, thermal curtains work
At 93 degrees, it was the first big test of the year for the thermal curtains today. With the thermostat set at 77, the house is comfortable. Some parts of the house are never comfortable at that setting.
Add that to the list of things I wish I’d bought five years ago.
Boundaries
So an ex-girlfriend finds you on Facebook and contacts you out of the blue 12 years after the fact. What do you do?
1. Jump up and down like a giddy schoolgirl because someone’s interested enough to find you after all that time?
2. Passive-aggressively sit on the message?
3. Tell her exactly what you never had the chance to tell her?
Although option 2 crossed my mind, I thought it best to handle it a little bit differently.
My wife wasn’t home at the time, so I actually had a few minutes to think about it, which is probably good. The answer really was pretty easy.
I didn’t even open the message. When she got home, and after our son went to sleep, I told her, and I asked her to read the message and tell me what she wanted me to do with it.
Just this past Sunday, our pastor said in his sermon that one thing destroys marriages the fastest: secrets. To me, this seemed like a classic example of something (most likely) completely innocent that could very easily turn into something out of control under the wrong circumstances.
While my option certainly could be construed as overkill, it eliminates all possibility of misunderstanding. And it sends a very clear message that she’s more important than the ex.
Nothing in the message made her feel uncomfortable or threatened. Curious certainly, but not threatened. She spent some time poking around the ex’s Facebook profile and asking questions. And that was fine. It’s better for her to know than to wonder.
Maybe I handed over more control than some people would be comfortable handing over. But since this was completely innocent, what was there to be afraid of? I trust my wife, and this tells her that in a big way.
An hour or two later, I wrote a reply. I was cordial. Cordial is the appropriate tone. I’m not interested in being best friends. And being hurtful 12 years after the fact accomplishes nothing. Well, nothing worthwhile anyway.
And I was brief. This is also appropriate. Minutes after I saw the message, I talked to one of my best friends for the first time in months, and we talked for about 15 minutes. If that’s all I have right now for the guy who was the best man at my wedding, then I shouldn’t have more than that for someone who broke my heart 12 years ago and–I’ll say it–wasn’t very nice about it.
All relationships are different, but I can’t think of any good reason for two people, both married to someone else, to be writing long epistles to each other 12 years after the fact. That only invites the mind to go all sorts of places it shouldn’t go. "Your Wildest Dreams" by The Moody Blues doesn’t need to be cuing up in your head, and neither does anything by Barry Manilow.
I asked my wife to read my reply before I sent it. It’s all about checks and balances. She knows what’s going on. I was going to say it also prevents me from saying things I shouldn’t say, but self-restraint in e-mail is a requirement for my job and I’ve had lots of practice. But everyone is different.
"So are you going to friend her?" my wife asked. I said I didn’t know.
That, too, is a situation where everyone is different. If the parting wasn’t especially bitter and two people can both gain something by corresponding occasionally, why not? On the other extreme, if the sight of a person’s name triggers fight-or-flight mode, then it’s obviously not a good idea.
If the sight of a person’s name does cause you to go into fight or flight mode, I will say, speaking as someone who’s been there, that you need to deal with that issue. I don’t say that flippantly; I spent a lot of time and money working through it myself. It’s not easy but it’s necessary.
Ultimately the most important thing to do when a situation like this crops up is to keep priorities straight. There’s no reason to say, write, or do anything on account of 12 years ago that might mess up today or tomorrow.
Depending on what you make of it, this situation can sow seeds of trust or seeds of doubt. Personally, I’d rather have trust.
The 2wire 1701HG and its dodgy power supply
I picked up a 2wire 1701HG DSL modem/router/WAP this weekend cheap. The power supply (or AC adapter) was missing. Google indicates the factory power supply is really dodgy. A replacement 2wire 1701HG power supply costs anywhere from $13 to $25.
But it turns out the Sony PSP’s AC adapter works fine with the 2wire. Sony’s power supply is common and dirt cheap. Normally I prefer to get higher amperage when buying replacement power supplies, but the connector is a little weird. The PSP box is readily available, so I’ll go with that, at least for a while.
Now I just have to configure the 2wire in such a way that I don’t have to redesign my whole home network… That’s a project for another day. The main thing is getting a quality replacement 2wire 1701HG power supply, so the unit itself will be reliable.
