You need a Yubikey.

I mentioned the Yubikey as the ultimate solution stolen passwords on the excellent Yahoo Marx Train forum, and another member asked me to elaborate on it. Rather than take up a lot of space with some off-topic discussion, I decided it would be better to write about it here.

The Yubikey is the best solution I’ve seen yet for the problem of remembering passwords. I am a computer security professional by trade, but I will try to avoid as much techno-jargon as I can, and explain what I do use.

Read more

You can’t collect everything

There’s been a fairly spirited discussion lately in the always excellent Yahoo Marx Train group about the merits of Marx tin trains versus plastic ones. Some people like them all, some people prefer one or the other, and almost everyone with a preference is apologizing to the people who prefer the other.

That’s part of what makes that group great–the lack of elitism and looking down on others whose preferences differ–but in my mind, there’s no apology necessary because very few hobbyists have the time, space, or budget to collect everything. Read more

What happened to Altavista

What happened to Altavista

For as long as I can remember, my home page has been about:blank. But for a good chunk of the 1990s, I would have done well to set it to altavista.digital.com. Here’s what happened to Altavista.

Most people remember Altavista as the thing people used before Google, if they remember it at all. But I remember it as the first great search engine, because I’ve done my best to forget what search was like before Altavista came along. So I was a little sad to see Yahoo shut down what was left of the first great search engine in the summer of 2013. Read more

How to use price guides

How to use price guides

Pricing collectibles is more art than science, and most guides have some errors in them, so large (or at least very vocal) numbers of people mistrust them.

I still use them, however. Knowing how they’re produced–or would be produced, in a perfect world with perfect data–helps someone to use them to maximum effect. The principles are the same for any guide, whether you’re talking trains or video games or baseball cards or any other collectible. Read more

Beware of unexpected links in e-mail messages

Hackers are stealing Yahoo accounts by sending messages containing malicious web page links.

The message looks like a link to a web page on MSNBC. But if an unsuspecting user clicks on it, it redirects to another page that steals the e-mail account, allowing the hacker to use the account to send spam, or grab the account’s contact list.

The gory details are here.
Read more

Workable two-factor authentication

I’m several months late to this party, but I just saw Marcel’s post on Google’s two-factor authentication with a smartphone.

He’s right. It works until someone steals your phone. Once someone steals your phone, you’re in a world of hurt. It’s just a compromise, until we find a way to do two-factor authentication the right way.

The right way is with a smartcard, issued by some sort of central authority. Read more

Testing my new Facebook plugin

The plugin I was using, FT Facepress II, decided to quit working, so now I’m trying to get the official Facebook WordPress plugin working.

If it does all it says it does, Facebook comments about blog posts will also show up here (and not just on Facebook), which would be nice.

Update: It appears to have worked, but it also appears to have replaced the comments engine. I’m not sure if that’s a good thing or a bad thing. That option is easy enough to disable; I’ll give it a trial period and see. The new engine can authenticate against Facebook, AOL, Yahoo and Hotmail, so it does give some options for those who don’t have Facebook accounts.

The upside is that this may significantly reduce the spam comments. I have a good anti-spam engine, but the comments still clutter up my database.

WordPress Appliance - Powered by TurnKey Linux