How much will third party, fire and theft cover for my dog be? Also what's this about it having to have chips? Can't I have the chips?

Tuesday 14:15

How can it be so bright and sunny, but at the same time so very cold? Winter is so last month, let's get summer going.

Monday 14:36

Actually found a Michael Caine film I liked, 'Harry Brown'. Very gritty and a great use of music. http://bit.ly/8bCRvA

Sunday 21:05

It's National Procrastination Week; I may celebrate it next week, or the week after that. Possibly maybe.

Friday 13:58

Very much enjoying 'In the thick of it'. Trying to memorise some of Malcolm's insults, sure they will come in handy one day.

Tuesday 12:10

RT @SkyNews: Wheelchair Fan Skewered At AC/DC Gig http://bit.ly/96cIDL - Ouch!

Monday 10:54

Note to self. Do not get eBook out on subway again, it scares the Troglodytes. Seriously, it was like caveman seeing the wheel.

Monday 10:43

Googled space elevator, yeah nerdy but keeps me entertained, and found this. http://bit.ly/bDL83I

Sunday 20:10

Actually, I think I may just be extremely tired and it was a hallucination. Although I can hear a motorbike and some odd wet slapping sound.

Saturday 13:35

Just saw an elephant wearing a crash helmet, next to him was a sea lion slapping a haddock against her side saying 'What is it now Ralph?'

Saturday 13:32

http://twitpic.com/15icfx - WTF! Looks like an off road mobility scooter. Seen @ Athens Airport.

Friday 22:50

At Heraklion airport AGAIN, trying to get a flight off Crete AGAIN. Odd to want off this sunny & hot island to return to cold & wet England.

Friday 10:49

http://twitpic.com/159aw3 - Looks like the bottom has fallen out of this restaurant

Thursday 14:51

http://twitpic.com/153j2u - At a Greek bar and some Cretan has left a copy of the local Guns & Ammo behind.

Wednesday 16:46

Fuck me fucking sideways. Slacking Greek bastards. Supposed to fly today. http://nyti.ms/bhXHQm

Wednesday 8:47

Two Factor Authentication & Yubikey

These days we have to remember passwords for a huge host of web sites and systems, unless of course you just use the same one for every site, which is a bad idea; eggs and baskets spring to mind. Short and easy to remember passwords are easier for a hacker to guess than complex high entropy ones, but long and complex passwords are hard if not impossible to remember. If any of your passwords are listed in the table here then you should change it now.
Another problem with passwords is that they are static. You may change them from time to time, but if you log onto a site and someone behind you makes a note of your password by watching you type or, more likely, it is captured by a key logger, that person can log on as you. This is not such a problem for low profile sites, but for banks & other financial sites you want to be as secure as possible.

When you get money out of your bank you use a password and card system known as two factor authentication (T-FA or 2FA), that is: something you know, your PIN, and something you have, your card. Without these two things you can’t get any money out of your bank account.
Another form of authentication is biometrics, something you are. My laptop has a fingerprint reader; to log in I need to swipe my finger and enter a password. Again this is two factor authentication: something I know, my password, and something I am, my fingerprint. The nice thing about biometrics is it can’t be stolen, stolen easily that is.

A couple of years ago my PayPal account was hacked. I had used a very high entropy password but somehow someone still managed to gain access; I was either the victim of a key logger or they got in via some vulnerability of the PayPal system. I will never know. After a bit of research I found that PayPal supported a form of two factor authentication. This is done via SMS on cell phones. When you enable this system, each time you log on with user name & password it sends a 6 digit key (20 bits) to your phone via SMS. 6 digits may not seem like a lot but it’s only valid for a few minutes. So in this situation a hacker would not only need to know your user name & password but also have your phone. I would highly recommend everyone to enable this option. It may make logging into your account a tiny bit slower, but much more secure and where money is involved it’s worth being extra cautious.

The cell phone system is a great idea IMHO as you generally own one and it’s also with you wherever you go. Unfortunately sending SMS messages does cost money and so this sort of system will only be viable for large organisations. What is needed is a cheap 2FA system that would work on all the machines you use. For this to work with a fingerprint, all PCs would have to have a fingerprint reader; most don’t. Or how about a card reader? Even fewer have this facility. So what has every PC got? Well, unless it’s hideously old, every PC has a USB port.

Enter Yubico and their device called the Yubikey. It looks a bit like a waif of a memory stick that can easily be attached to your key chain and is therefore with you all the time. It plugs into a USB socket and is recognised as a USB keyboard. This is important as every PC has a USB keyboard driver loaded by default, so no software drivers need to be loaded when you plug your Yubikey in; it just works. There is one button on the Yubikey; when you press it, it types a 44 character key. The first 12 characters are a 48bit ID unique to that Yubikey. The other 32 characters carry a 128bit one time password or key.

To log onto my blog I have enabled Yubikey authentication. I need to enter my usual user name & password, then it also requires the password from the Yubikey. I simply plug the key in and press the button, it types the 44 character key into the login screen and I’m in. If a key logger captures all that information and it was used to log in again it would fail. This is because the Yubico password changes each time I log in, it NEVER repeats. So a hacker would physically have to have my Yubikey as well as know my user name & password to successfully log in.
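
The 12 + 32 character layout and the failed key logger replay described above, as an added Python example that is not Yubico's code or this blog's: it splits the typed string into the 48bit ID and the 128bit block and refuses a value it has already accepted. `ReplayGuard`, `SAMPLE_ID` and both sample OTPs are constructed for illustration, and the remember-every-value check is a simplification; a real validation service decrypts the block with the key's secret and compares usage counters.

```python
"""Split a Yubikey OTP into its two fields and reject replayed values.

Added illustration. SAMPLE_ID and both OTPs are constructed test values.
"""

HEX = "0123456789abcdef"
MODHEX = "cbdefghijklnrtuv"  # modhex: the 16 letters the key types in place of hex digits
_TO_HEX = str.maketrans(MODHEX, HEX)
_TO_MODHEX = str.maketrans(HEX, MODHEX)


class OtpFormatError(ValueError):
    """Raised when a string is not a well-formed 44-character OTP."""


def modhex_encode(data: bytes) -> str:
    return data.hex().translate(_TO_MODHEX)


def modhex_decode(text: str) -> bytes:
    if len(text) % 2 or any(ch not in MODHEX for ch in text):
        raise OtpFormatError("not modhex")
    return bytes.fromhex(text.translate(_TO_HEX))


def split_otp(otp: str) -> tuple[bytes, bytes]:
    """Return (48-bit key ID, 128-bit one-time block) from the typed string."""
    otp = otp.strip().lower()  # tolerate a trailing newline or caps lock
    if len(otp) != 44:
        raise OtpFormatError(f"expected 44 characters, got {len(otp)}")
    return modhex_decode(otp[:12]), modhex_decode(otp[12:])


class ReplayGuard:
    """Simplified verifier: accepts each one-time block once per enrolled key.

    Assumption: a real validation service decrypts the block with the key's
    secret and compares usage counters instead of storing every value seen.
    """

    def __init__(self, enrolled_ids):
        self._seen = {key_id: set() for key_id in enrolled_ids}

    def accept(self, otp: str) -> bool:
        try:
            key_id, block = split_otp(otp)
        except OtpFormatError:
            return False
        seen = self._seen.get(key_id)
        if seen is None or block in seen:  # unknown key, or a replayed value
            return False
        seen.add(block)
        return True


# Constructed sample data, not output from a real device.
SAMPLE_ID = bytes.fromhex("000000105e86")
OTP_1 = modhex_encode(SAMPLE_ID + bytes(range(16)))
OTP_2 = modhex_encode(SAMPLE_ID + bytes(range(16, 32)))

if __name__ == "__main__":
    guard = ReplayGuard([SAMPLE_ID])
    print("first use :", guard.accept(OTP_1))
    print("replayed  :", guard.accept(OTP_1))
    print("next press:", guard.accept(OTP_2))
```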

I also use the Yubikey with LastPass. This is a password manager that remembers all your web passwords with one master password and syncs them across all the machines you use. You can therefore have very high entropy passwords for all your sites but only have to remember one password to access them all. The obvious problem is, what if that one master password is captured by a key logger? With the option to also authenticate with a Yubikey then it’s not a big problem as the hacker would also need access to the Yubikey.

You can also use Yubikey with Clavid, the OpenID authentication portal. This OpenID then allows you to log onto many other sites, a bit like LastPass.

At the moment there are not many other sites that work with the Yubikey, but I hope it will achieve a critical mass soon and be the de-facto form of 2FA for the net. It’s a clever answer to the problem of security on the net.

Password Policy


Avatar

Spoiler alert. This review has lots of spoilers, not to mention a total story synopsis.

Avatar, James Cameron’s film that was a decade in the making, is now in cinemas.
Last week when I told some friends I was going to see it soon one reply I got was ‘Oh, is that the funny looking cartoon thing?’ I did give her a bit of a hard time for that comment, however having now seen the film I have to say it does look somewhat artificial.

The Problem with the CGI
CGI when done well is impressive and it’s certainly much easier to generate ships, cars & buildings with hyper reality than organic stuff. The CG in this film, which has to be 60~70% of it, is good but not to a point where you forget it’s CG; quite the opposite. It really does look cartoon like and the alien vistas of planet Pandora are somewhat over cooked. It’s like when you first get Photoshop and push all the colours and effects to the max and at the time it seems cool, but in reality it just looks too OTT. Less is more.
A lot of the alien scenes reminded me of being underwater in some abyssal phosphorescent sea creature environment, way too Disney for my liking. I think the mixture of real life with CGI did not help the film either. To my mind the 2001 film Final Fantasy: The Spirits Within is far superior in its efforts to create a believable world in CGI. As the entire film is CGI it’s easier to get sucked into the world; with Avatar you are jumping from one to another and they just look like two separate films spliced together.

The Problem with the 3D
The 3D for me was certainly not unobtrusive, I don’t think I ever forgot I was watching a 3D film. Perhaps it’s because of the novelty, the last 3D film I saw was Jaws 3D in 1983. Certainly the technology is much improved. I remember on Jaws you had to concentrate to get the 3D effect, rather like looking at autostereograms. The Avatar 3D effect is instant but still seemed a bit fuzzy and the colour was somewhat diluted. So I never felt lost in the moment.
The most impressive scene for me was in the very first couple of minutes where Jake Sully is revived from hypersleep on a ship in a massive chamber with technicians floating about in the weightless environment; as the camera is swaying slightly and as pretty much all of your vision is taken up with the huge IMAX screen I felt a bit of motion sickness. There were plenty of other parts of the film where I should have felt vertigo or other motion induced feelings but not for me, it was just that initial scene.

As would seem to be a tradition in 3D films there has to be at least one arrow or spear pointed out of the screen, Avatar had plenty of that. A nice collection of arrows sticking out of the screen can be found in the death of Colonel Miles Quaritch, which reminded me somewhat of a Strongbow advertisement. This character was the best thing about the film. Loved the scene where he stormed out of the control centre, exposing everyone to the toxic Pandoran air, and opened fire on the gunship being stolen by the main protagonist.

I will be interested to see the film again in 2D. I think 3D certainly has a place in the future, we see in 3D after all so it’s got to be the direction to go, no pun intended.

The problem with the story
The story is very shallow and long, real long, 162 minutes long. The plot is not that complex and somewhat Pocahontas:

  • Humans arrive at planet Pandora to mine something called ‘Unobtanium’, seriously, Unobtanium!
  • Pandora is populated by the Na’vi, tall blue hippies equipped with organic USB sockets in their pony tails to connect with other Pandoran wildlife & fauna with compatible USB sockets.
  • The trees are in fact nodes in an organic planet wide internet. The planet is a big brain.
  • The Na’vi have made their home (possibly squatting illegally) in a big tree on top of a vast deposit of Unobtanium.
  • Humans want them moved and create Na’vi lookie-likies AKA Avatars remotely controlled by humans to infiltrate the Na’vi to win hearts and minds.
  • This fails so they send in the marines to destroy their tree.
  • One lookie-likie goes native and starts a revolt against the humans. They fail.
  • The other non sentient USB equipped indigenous aliens (probably hippies also) get the message from the planet’s organic internet. A bit late to the party but perhaps they were on dial up or had not turned on their Twitter apps. Anyhoo, they rise up and defeat the humans.

‘Nuke em from orbit, it’s the only way to be sure’. That’s all that was going through my head. I had no sympathy for the Na’vi. They are living some stagnant existence in a forest where the coolest thing for them is making a bow from a sacred tree. They should have knelt down to the white man and handed over the Unobtanium, which I would guess would then have to be renamed Obtaindium.
You know the entire film is building up to a ‘Bows and arrows against the lightning’ thing but it takes an age to get there. The majority of the film is all rather ‘A Man Called Horse‘ learn to jump from vine to vine, learn to fire a bow (making sure arrow points out to camera), learn to ride horse thing, learn to ride bird/bat thing…. yawn. I just wanted to see the huge ass robotic exoskeleton and dirty big gun ships with nasty missiles fuck their blue arse hippie shit up. You have to wait a long old time for that to come.
Three quarters of the way through the film we see this awesome fire-power used against a tree. It was a big tree but was not much of a match, rather predictably the tree lost. Later we get the big ground/air war which thankfully came out looking better than the encounter at the end of Phantom Menace, the burning horse thing was a nice scene, but I still had no empathy whatsoever for the indigenous population.

On a technical point. When they move the Avatar control units to the floating mountain area where all electronic devices go haywire, how is it that these units still work? And why are those mountains floating anyway? Is it because they are made of Unobtanium? We see this stuff floating earlier but perhaps that’s just because of its display stand. If the floating mountains are Unobtanium then mining would be real easy. Confused.

Having said all that, according to IMDB it’s currently the 25th best film of all time, so what do I know?


Demon Seed (2009)

Ever since watching the 1977 movie Demon Seed as a kid I wanted an automated home. Now I am well on my way. I already have security cameras that I can view remotely on my cell or PC, but until recently no remote control over electrical appliances or lights etc. Enter X-10.

X-10 works by sending signals to various units over the mains wiring in your home; it also utilises RF. You can purchase various RF transmitters such as a KR22 keyfob unit. When you press a button on the remote it sends a command via RF to a transceiver unit (TM13). This unit converts it to an X-10 signal which is sent over the mains.
Each X-10 system can be part of a ‘House Code’ from A~P (i.e. 16 unique House Codes), and each House Code can accommodate 16 devices. So in one home you could have up to 256 X-10 units. I’m not sure how far these signals propagate outside your home to interfere with, or be interfered with by, other X-10 users. However with all the possible address combinations and, I would imagine, low use of this technology you should be safe from collisions with a neighbour’s system.

With other X-10 units that plug into mains sockets, ceiling rose or micro units that nest inside the mains outlet, modules for lights and motors for blinds & curtains etc you can remotely control devices from anywhere in your home. These could be coupled up to solenoids/maglocks/door actuators/valves or anything you can imagine.

This is all pretty cool but a bit of overkill, after all, how BIG is your home? The system truly comes into its own when used with one of the computer interface units. Unlike the ‘Enviramod’ as seen in Demon Seed which was a minibar sized unit that got its commands via a huge floppy disk, and I do mean floppy, the 2009 version is about the size of a pregnant remote and has a solid state NOVRAM to store its commands. It will also run autonomously if it loses its link with the PC.

X-10 Enviramod


The ‘Enviramod’ unit is programmed from a PC and you can set timers for turning lights on/off (or dimming them) or any electrical device. The true strength of the unit though is in its macros.
You can set up a macro to do the following: if a command to turn the media centre on is received then it turns on the media centre & projector, lowers the projector screen, lowers the blinds in the living room and, if it’s after dusk (it knows when dusk and dawn are), waits 30 seconds (time for the media centre to power up) then dims all lights in the living room. When you turn the media centre off, if it’s still dark it can turn the lights back on etc.

You can also have inputs from motion sensors hooked into the system so if it detects movement in the house and the temperature is less than 20°C then it turns the central heating on. If there is no movement for 30 mins then the heating turns off. So heating only operates when you are home and it’s cold. The lights/appliances can also work off a similar logic of course.
All this automation can catch you out. One night whilst playing ‘Modern Warfare 2’ in the heat of battle the power was cut to my PC, Amp & monitors. It was then that I realised it was 3am and that’s the time the house powers down the PC if I had accidentally left it on. Guess I need a motion sensor in my office, or not stay up playing games.

Now all this smart automation MAY also help reduce heating/electrical costs, however there is the offset to be taken into account by all these X-10 units. Each unit you plug in is on all the time and is using power, not massive amounts but add them all together over time and I would not be surprised if the electrical cost of running this system wipes out any savings from smart lighting/heating etc. However that was not the prime consideration for embarking on this project, that would be the cool factor of a smart home, one that Proteus would be proud of.

Proteus was the organic self aware computer from Demon Seed that took control of the professor’s home over the company WAN. Today I can control my home over the internet. To be honest this function is hardly ever needed as the macros take care of most things.

Obviously the combinations of sensors, devices & macros are practically endless and as you build these macros the system starts to take on a life of its own. Hopefully not to the extent of the 1977 Demon Seed, my cat seemed pretty worried after she saw this film and my contemporary equivalent.
However I think hearing the words, “When will you let me out of this box?” booming from my PC and the domestic version of Judgement Day ensuing is unlikely, especially as I have no intention of building a robotic arm onto an electric wheelchair. Hum, eying my Roomba now, it looks pretty bored sitting on its dock waiting for dust to form. Cue T2 music…


Going Postal

So the post office is going to strike again. To be honest I am not sure I will notice any difference in their service.

I recently got a snotty letter from British Gas titled ‘Statement of Intent’ in big red threatening letters, evidently earlier communications asking for payment did not make it to my address and I was on the verge of having legal action taken against me to ensure payment. Lucky that one got delivered or I may have had my credit rating wrecked and/or taken to court.
OK mistakes happen from time to time but for the aforementioned gas bill scenario to occur Royal Mail must have lost 2 or 3 bills for it to get to that stage. Where were these bills being delivered to, or are they sitting in the rain at a car park at the local sorting depot? What details do the bills contain that a dishonest party could use? What else might I be missing?

Would we not be better off being notified via email for this sort of thing? I guess it does not hold the legal weight a snail mail letter does. Not sure why. An email can be shown, beyond any reasonable doubt, to have been delivered to the recipient. That can be done with recorded delivery of a physical letter but utility companies do not employ this in day to day communications.
Sending private info via email may be a problem but it can very easily be encrypted and only read by the recipient. Or they could just send a note to check your account online and then you could log on with a username and password to see what they want. Got to be a better system than paper being moved around the country. And the privacy protecting a letter is just the envelope, not much protection really.

In this current eco friendly climate is there a place for dead trees to be transported in vehicles over a couple of days contributing to pollution just to remind you to pay a bill? Why not have it sent instantly via e-mail without the need for a tree to die man?

I frequently get mail meant for other people. Just the other day I got a pay slip for a lady whose address only shares the same house number and town as me, everything else was different. Not just slightly different but vastly different. With identity theft fast becoming a major vector for stealing your money the prospect of my mail ending up at random houses willy-nilly is frightening.

Is snail mail important to us today? I think that 90+% of all the mail I receive is bills. As mentioned above this could be taken care of much more efficiently in other ways. The remaining 10% is either targeted advertising or other unsolicited material. When is the last time you sent/received a physical letter to a family member or friend?
I don’t like greeting cards and try my best not to send them and not bothered one way or the other if I receive one. Sound harsh? Possibly, but honestly why do we need to do that? Why not call, send an email or something? Do we really need a cheap (well not so cheap) piece of cardboard with some witty tag line in it to confirm someone cares or congratulating you on being another 365 days older than the last reminder? Bah Humbug! There is also the fact I am pretty bad at remembering anniversaries despite various electronic devices nagging me, so ending the card exchange would help me immensely.
Aside: Years ago I sold a PDA to a friend and forgot to erase all the calendar entries, he still lets me know from time to time that my Ex-PDA says it’s my parents’ anniversary or a relative’s birthday etc ;)

What other services do Royal Mail provide? Tracking is one. When you use tracking services with courier companies you can often see, via a web site, 20+ points logged where your parcel has been: leaving depot, on truck to airport, cleared customs, on flight etc. You can also have them SMS or email you at these various points, the most useful being ‘Out for Delivery’, so you will get warning that it’s going to arrive that day. Royal Mail tracking by contrast is a joke. Basically it just lets you know when someone has signed for the package.
Most of the time when you are waiting for a parcel to arrive you can use a tracking service to see if it’s worth while staying in that day to receive it. If the tracking site says it’s on a truck that left a local depot you can be sure it’s on its way to you and wait in for it. With Royal Mail they can only tell you that you have, or have not, signed for it, which you would already know, brilliant!

I see that Roger Moore is promoting the Post Office, it’s a good choice, sums up their ageing, lame, fumbling services nicely.

Cost of stamp to go up to 41p
