Somehow a few years ago, I got lucky and I’m no longer responsible for providing technical support for my friends and family, so I don’t have to give computer advise anymore.
However, I do have one piece of advice for them in their daily computer use: Use a Password Manager, even if it is just a sheet of paper.
The whole system of passwords is incredibly weak, and it has never been weaker. At some point in the future, it is likely that the technical community will come up with a replacement for them, but you shouldn’t wait for that time, as passwords are already at risk. Passwords are regularly stolen from websites. I manage to trip over articles of password hacks all the time, so much so that I don’t even read them.
So how does a Password Manager protect you? To fully explain that, we have to delve into how websites store passwords. Bear with me, this is a wee bit technical, but I’ll keep it as painless as possible. And if its too painful, jump to the next section.
When you give a website your password, such as “P@ssw0rd!”, the website doesn’t or more accurately shouldn’t store it just like that. It encrypts it, but not in the same way your bank encrypts the information it sends your web browser.
The information a bank sends back and forth to your computer is encrypted with reversible encryption. Reversible encryption allows you to get the information that you put into it back out of it. For instance, if we were to encrypt “P@ssw0rd!” by choosing the next letter in the alphabet, next number, or for the symbols the key to the right on the US keyboard, we’d get “Q#ttx1se@”. As long as you know the rules how it was encrypted it is trivial to take “Q#ttx1se@” and decrypt it to get “P@ssw0rd!”. This is important for information that is sent back and forth to your computer, because your computer needs to be able to show you what your bank balance is, recent transactions, etc.
Passwords on the other hand are stored with irreversible encryption, also known as a hash. So take “P@ssw0rd!” and hash it you get something like, “8a24367a1f46c141048752f2d5bbd14b”. Most hashing algorithms are designed up so a small change makes a big difference. The hash of “Password!” is “0040f2abc2cff0c8f59883b99ae9fab6” which is quite a bit different than the hash of “P@ssw0rd!”.
But passwords are not just stored by hashing them. Passwords should be salted and hashed. No salt in this instance isn’t table salt. It is a random bit of information, such as “06acebb0405318414c0577c0b6fe065d”. So what a website does is take your password, “P@ssw0rd!” and adds it to a random salt that is unique for your password, for instance “d3945bb3f56371103fb38eb5744188db” and puts them together into “P@ssw0rd!d3945bb3f56371103fb38eb5744188db”, and then it hashes that. For instance “P@ssw0rd!” might be stored as “d596b64c12671d6f2dbbf2004d98081e” once it has the salt “d3945bb3f56371103fb38eb5744188db” added to it.
So how does a website know it is you? When you give it “P@ssw0rd” to that it adds the salt it has for you, “d3945bb3f56371103fb38eb5744188db” and hashes it. It then compares the the result of that has to the hash that it already has on file. If the hashes match, it know you knew the password was what you originally gave them, “P@ssw0rd”, even though they do not store the password.
So why to through all of this song and dance about hashing and salting? It helps to protect your password the file containing your password gets stolen from the server. Helps is the important word, it doesn’t make it impossible to figure out your password when that file is stolen, it just makes it take a lot of computer power to figure out what your password is. (Physical safes work the same way, they are designed to take at least a certain period of time to break into.)
Many things have transpired to make passwords easier to figure out from the stolen file:
- Computers and more specifically graphic cards, which can do the heavy lifting of cracking passwords, have gotten much faster.
- Humans are bad at picking passwords. Yeah, you thought you were clever in replacing “a” with “@” and “o” with “0”, but everyone else, including password crackers know those tricks too.
- Lists of words that might make up passwords are easier and easier to get in electronic format.
So how does a Password Manager protect you? It does nothing to protect your password on the server, what it does is two important things:
- You’ll have a unique password for each individual site, so if your password is compromised on website, you only have to change the password on that website, not every other site you used that password.
- It allows you to have more complicated passwords than you can remember, such as “b4d6UFp/naGu1H7MzRBE-o#=vm9C0m3py]$pG171”. Perhaps you could remember that password, but could you remember 10 or 15 passwords like that? A password that is truly random is much harder for password crackers to figure out.
At this point, I hope you’re chomping at the bit to start using a password manager. Here are some suggestions:
- 1Password – This is the one I choose. My data is only on systems that I want it to be on, and it nicely integrates with web browsers.
- iCloud Keychain – This is limited to folks who utilize devices in the Apple ecosystem.
- LastPass – A centrally hosted password manager. Your passwords will be on a central server with passwords from many other people.
- Safe Wallet
- mitto
- Pen and Paper, and secure that sheet of paper. Seriously. Bruce Schneier, a noted security expert has said, “… people say don’t write your password down. Nonsense. Write it down on a little piece of paper and keep it with all the other small bits of paper you value — in your wallet. … [Paper money] has value. Your password has value. As a society we are good at valuing small bits of paper. We have cracked that problem.” If you do use this method, I recommend ensuring that your passwords are random in some way, roll a die, open a book to a random page and choose the first letter of every line as your password, or some other technique.
Using a password manager is both good hygiene and insurance. Using my a password manager makes logging into websites effortless and gives me piece of mind.
I finished my first day of Code Fellows today. We’re supposed to blog frequently about what we’re learning, its a good way of reinforcing learning. Sort of like in those big college lecture halls where I took notes to make sure I paid attention and to run it through more parts of my brain. I barely ever looked at the notes afterwards. However, today’s blog entry won’t be technical. That is not what I need today.
It’s weird for me going back to school. The last time I was in a classroom was eight years ago, and I’ve only taken a few online classes since then.
Code Fellows is split up into lessons in the morning, and working time in the afternoon. In the lessons I followed along just fine. When we got to the afternoon bit, several of my classmates appeared to be done with the assignment by the time I arrived and starting working on it. Peeking at some of their bios online, a few of them have studied computer science in college, and others are freshly out of college having studied random subjects.
I completed the assignment with time to spare. I know the spots where I’ve made tradeoffs that I’ll probably have to rip out tomorrow, and I’m fine with that. I’m working to be reasonably comfortable with the idea of producing crap. I know that writing code and creating applications is like anything else: you’ve gotta do it to get better at it.
I have become a better musician. I just watched my Handbell Quartet’s first performance, and we were horrible. Its painful for me to watch that three year old performance. We could have given up at that time and moved on. However, we continued rehearsing and started rehearsing more. We got better, slowly but surely. We’ve reached the point, that a week after my quartet performed at church, I was still receiving compliments including, one guy who told me, “that was fucking awesome.”
In the same way, I know I have gotten better at writing code. I just peeked at code that I wrote 18 years ago. I know it worked. I used it daily to commit around 10,000 copyright violations per day. However, it is horrible, horrible, horrible code, and I can’t glance at it and tell you how it worked. There are so many things wrong with it, that I could write a few blog entries about it. In short, it has barely any abstraction, the variable names are not really readable, the code is spread out over multiple files, in multiple different languages. It makes a Ford Pinto seem well designed.
However, my progress at writing better code has come in fits and starts. I haven’t been as consistently dedicated to becoming a better programmer as I have been dedicated to be coming a better musician. I’ve become a better musician because I’ve consistently practiced and worked at becoming a better musician. Part of that consistency for me has been making music as a part of a group. Another important part of becoming a better musician, has been making music as part of a larger community. I’ve invested the time in going to conferences, learning from other musicians, discussing making music, and appreciating the music of others.
I recognize that for me to become develop myself as a computer programmer, I need to do that as a member of a group and a community. I initially avoided going to college to become a computer programmer because I believed it was an anti-social activity. I know that does not have to be the case.
I know I need to work consistently. My precalculus teacher once wrote that Nick “… is plenty smart, but more than a little bit lazy by my standards. He’s usually a great participant in class discussions, one of the first to answer correctly during discovery lessons. But the rest of the students catch up and then often surpass him through homework preparation and study. It seems a pity he doesn’t use his gifts better.” That quote still haunts me in its accuracy. I can’t blame my seventeen year old self for my performance in that Precalc class. There are some days I’m amazed, that given what I was dealing with in life, my teenage self was as successful as he was. (Which is to say, I graduated from high school while managing not to inflict major harm upon myself or others.)
Now, I have a pretty good handle on all of the issues that have held me back from fully utilizing my gifts. That isn’t to say all of those issues have completely disappeared, but I now they’re minor bumps and I can get back to where I want to be quickly.
Respecting Yourself in Friendships
Another entry that has been sitting in my drafts folder for a while. This is from December 29th, 2012. Needless to say, the Personal Knowledgebase idea didn’t get going. Perhaps I should revisit that.
I’m going to kick off a short series of blog entries. I’m calling this series Personal Knowledgebase, mostly because its got a nice geeky ring to it.
I’m at a point in my life where I’m closing one chapter and opening another. The chapter I just closed has been a pain in the ass, very enlightening, transforming, and tumultuous. So it is important for me to remember the lessons I’ve learned so I can apply them in my life and not get stuck having to learn them again.
I just read Wil Wheaton’s blog entry respect yourself and it rang quite true for two of the relationships that have ended over the past year.
The first relationship that I ended this year had been dead for a while. I had been friends wit him for eight years or so. We first met in Cincinnati and he followed me out to Seattle. Like any friendship of that length it wained and waxed over the years, but during 2011 it became quite apparent to me that I was begging for his time anytime we got together. He was horrible at responding to text messages, emails, or phone calls. When we did get together he wasn’t actually present. He’d often be stuck in fiddling on his smartphone or even taking a call from someone else for longer than just a moment or two. The last time we got together in person he was already near my neighborhood and I made an effort to meet him somewhere that was more convenient for him, and he wasn’t actually present for half of the time we were there.
Generally, in a situation like this I’d just leave the friendship be. I’d stop making attempts to communicate with him, and if he wanted to get together I’d make sure it was something that I wanted to do and he was making time for me. Since I’d been the one who initiated anytime we got together for quite some time it’d mean that we wouldn’t get together.
However, in this situation there was a tendril that kept the relationship nominally alive: he owed me money. (He was making payments as agreed, so it wasn’t that he wasn’t paying me back.) I had made the realization that the friendship was over sometime around the end of November 2011, and I decided wait to communicate this to him until the beginning of the new year. (Mostly because I didn’t want to put this in the middle of his or my holiday.) I wrote him a letter explaining that I considered the friendship to be over and that our relationship was now simply a business relationship. To make a point about my seriousness I sent an actual paper letter via Certified Mail, with a Return Receipt and Restricted Delivery. Meaning that he’d have to sign for it personally. I received an email from him 31 minutes after the letter was delivered. That email put an excessive amount of effort into deflecting any and all fault for the state of our relationship. I know I wasn’t perfect, but neither was he. Beyond that single email he didn’t make any attempts to repair our friendship.
I simply don’t miss that friendship, it had been limping along for far too long. It also felt really satisfying to collapse the ambiguity of our relationship and to clearly and cleanly communicate to him how I felt about our relationship and my understanding of it. Additionally, I appreciated that it was fair to him in that it did not leave him in the dark about the state of our relationship.
Revenge and Justice
Here is an entry that has been sitting in my drafts folder for a while. I wrote it back around April 21st of this year..
One of the organizations of which I’m a member ran into a situation that has brought me back to thinking about several situations I’ve been in, specifically:
- (No Words Can Appropriately Title this Entry)
- Gay High Standards
- Realizing that a former coworker of mine was a “collector, distributor and producer of child pornography”.
I have also been linking this all to what I’ve learned in Unitarian Universalist’s Common Read: The New Jim Crow: Mass Incarceration in the Age of Colorblindness.
I had been mulling all of this in my head for a few weeks, then the bombing attack during the Boston Marathon happen and its aftermath unfolded. During all of this it has become clear to me that justice and revenge often are conflated in our society.
I have long held the opinion that we should not have the death penalty anywhere, including in this country. This belief came not from a moral analysis, but from an economic one, the extra financial costs imposed by the process to execute a criminal are far outweighed by placing them in jail for the remainder of their life. This avoids the real questions such as:
- How should we protect society from those who have committed crimes others in society?
- Should we try to correct the criminals in custody so that they do not commit crimes again once they are released back into society?
- Do we want revenge against criminals or do we want justice?
That question of revenge versus justice is the one I find most salient at the moment.
Part of me very much wants to inflict pain upon D; I’ve considered taking a baseball bat to the head of Matt Keyes, my former coworker above; I understand the urge of many in the media to execute on sight or deny the suspected bombers their legal rights. I hold that these urges are for revenge not for justice.
Achieving true justice is a difficult thing, because justice in relation to crimes is ameliorating the wrongs committed against the victim and against society. I personally could achieve half of true justice applied toward D as I am the victim in our interaction, a judge could represent the will of society as expressed through the laws passed through our representatives. There is a reason that in some traditions of justice once someone was found guilty their punishment was determined not by the court, but by their victim or their victim’s representative.
Carrying out justice on a victim to victimizer level is unworkable at a large scale, and ultimately will result in different punishments for the same crime.
I would not venture to develop a system that delivers justice for any imaginable crime. I do know that a system involves:
- A process designed to mitigate any the urge for revenge.
- A strong and vigorous effort to attempt to prove the innocence of the accused, so to ensure that their guilt is firmly established. A strong defense raises quality of justice by driving out doubts.
- A process that weights the costs to society of carrying out the punishment against the wrong committed by the punished.
As broken as our current system is at times, it has many parts that work and protections that are vitally important for achieving as close to true justice as possible.
Picking up Vlogging
So I put this video up on YouTube earlier today:
I had written off Vlogging as “too much work”, “not worth the time”, and “that new fangled thing that the youngin whippersnappers are doing”. (Hey, I’m old enough that there are folks I can call youngin whippersnappers.)
So what prodded me out of my obstinance? Well, I had a reason to do this video. Initially, I thought this’d be a huge pain. However, I found this to be enjoyable. Vlogging, is something I’d definitely do again, although I’m not sure I’d do it in the same way. This video twas a bit insane since I wanted to cover a lot of things. To get them all to stitch together in a non-schizophrenic way, I made a concept map of the things I wanted to cover, then wrote myself a script, that I more or less stuck to. (There twas some ad libbing, and some shots that got left on the proverbial cutting room floor.)
I also did a bit of foley work, because cats will not meow on cue.
Finally, thank you to Mickeleh, a/k/a Michael Markman, for pointing me toward, celtx, a handy dandy script writing tool, and to retius, a/k/a Tad Suiter, for a video about Vlogging he did long, long ago that still stuck in my head.
Annoying Ad on the Bus
I’m a fan of public transportation. One of the reasons I moved to Seattle was because I didn’t want to deal with the money pit that an automobile is.
So I was a bit miffed when I saw this advertisement on the bus:
Realizing that just complaining on twitter and on my blog does little, I sent this complaint to King County Metro:
Hello,
Twice in the past two days I have seen ads for CarHop.com, which state “Move to a better Seat. Get the Car and Credit you need.”
This advertisement is against the King County Transit Advertising Policy. (Document code CON 1-1-1 (D-P) dated January 12, 2012.) This violates the stated goal and objective of maximizing ridership as it the intent of the advertisement is to convert Metro transit riders into car owners and drivers. Additionally, the advertisement contains Prohibited Advertising content as the ad is demeaning and disparaging of transit riders as it mocks their choice of transportation seat.
Thank you,
Nicholas Barnard
Please feel free to plagiarize this, and send in your own complaint to Metro.
I’ve Been There
Recently, I got into a mud throwing and catching competition online. One of the participants there wrote that I have “…written publicly about [my] depression, job loss, and difficulty forming lasting relationships, factors that often make people hostile towards other people. … It’s a pity [I don’t] realize that hostility and resentment drive away prospective employers, partners, and friends. Employers are savvy enough to look at what candidates post online.” While I was discussing this with a fellow handbell musician, she suggested that I remove some of the blog entries. My response was an immediate no. Since the beginning of this blog, I’ve had a personal rule that I don’t remove any entries and I don’t edit entries after they’ve been up a few days.
Once I’ve put something out into the world, I leave it out there. I’m not worried about the Streisand effect or something similar. I just don’t want to go back and worry about what should and shouldn’t be public.
I also don’t worry about employers looking at this blog or my website. Any employer with a borderline competent employee relations department would realize that my the content of blog does not likely relate to any bona fide occupational qualifications, therefore by considering it in their hiring process it opens the company up to lawsuits. Of course, winning a lawsuit where this is the case is difficult. However, I don’t want to work for an employer who made the (illegal) decision to read my blog and due to what I wrote made the decision not to interview or hire me.
Yesterday, I watched John Green’s video Perspective. He shares his story from twelve years ago when his life wasn’t going well. His girlfriend had just broken up with him, he wasn’t eating well, and I’m sure thats just the tip of the iceberg in his situation. He calls his parents, decides to go home, tries to quit his job, spends two weeks in daily therapy, has his psychiatric medication changed, watches Harvey, and then goes back to Chicago. Things slowly get better and he finishes a seed of what became his published first novel.
When I watched John, describe his struggles of twelve years ago, it struck a nerve because I’ve been in the same neighborhood as John.
Now John Green is an author with books on the New York Times best seller list, a vlogger, a husband, a father, a performer, and most importantly a really nice guy. He currently is living what many would consider a successful life.
I leave the blog entries about the shitty, sucky parts of my life online precisely because I’ve been there, and I know others currently are in the same neighborhood. I wouldn’t describe my entire life at this moment as successful, but there are parts of it which are amazingly wonderful, and I’m working on the rest.
It is important to share the less glamorous parts of life because we are taught that life is like the top panel in this comic from thedoghousediaries:
However life is most like the bottom panel.
If we only share the wonderful sides of our lives, we risk making our successes seem too easy. In turn, when others compare themselves to us, they it makes their falls and failures seem insurmountable.
I find comfort and some solace in knowing that John Green has had struggles with depression and clearly has gotten better, that Wil Wheaton has had struggles with depression and got better.
I also find it valuable knowing that even folks find themselves on paths that don’t work, like my friend Christine who left graduate school or our minister, Matthew, who jumped from being a case worker to a minister.
I leave my blog intact in the hope that others will find comfort and solace in knowing that I have been where they are now, and that life does get better.
Getting Bitch Slapped in Public
I just got bitch slapped by Nancy Kirkner, a handbell soloist in Seattle, on her blog.
Some of her descriptions don’t quite make sense to me. I’m described as someone who has bullied her for months, when I can only think of one discussion thread within the past year that we disagreed strongly. I admit I very strongly advocate my ideas and positions. I do my best not to attack other people, but only to attack their ideas. I admit to engaging in parallelism, directly mirroring her comments in my responses, but this was only intended as rhetorical flourish, nothing more. I’ve written in another blog entry that hasn’t yet been published that “I ended up making an ass of myself over there there. Part of the reason that happened is that my main discussion adversary in that discussion often fell back on ad hominem attacks and baiting me in the discussion. (Sadly, I was stupid and angry enough to fall for the times she baited me.)” But, I’ll leave the reader to decide. The discussion in question is archived on the Handbell-L Google group under the There’s an app for that! and Copyright Litigation.
What really frustrates me is her back handed ad-hominem attack: “Perhaps this bully just feels really bad about himself, and hopes to feel better by making others feel bad about themselves too. He’s written publicly about his depression, job loss, and difficulty forming lasting relationships, factors that often make people hostile towards other people, especially those they envy.”
Let me be clear: I don’t envy Nancy. She has what she has. I have what I have. I am happy in many parts of my life, especially what I have musically. It is one of the great joys in my life that I get to make music with my handbell quartet. I wouldn’t trade it for any other musical endeavor.
Given what Nancy has described, I have to assume that Nancy has read much if not all of my blog. With this in mind, I am saddened that by her statements in light of the arguments I have made for compassion toward others, in my blog entry You can’t Get In my Head, There isn’t Enough Space. It incenses me that she presumes to guess what is in my head. She has never asked me about this part of myself, and besides there isn’t enough space for her or anyone else to get in my head and truly understand what is in there.
I’ll admit to stepping on Nancy’s toes at least once before, and when I did I apologized in public via email, in private via email, and in private via postal mail. None of these apologies were acknowledged, let alone accepted.
I only have so many cheeks to offer.
How to Kill Actors
You might not realize it from all the geekiness that I display, but I was once a theatre major. I did all sorts of things in the theatre in middle, high school, and college including:
- Acting
- Singing
- Playwriting
- Directing
- Technical Direction – (including un-counterbalanced flying of cubes and whatnot, those who know what this is should shutter a bit.)
- Direction
- Stage Management
I was good at some of this, and I sucked at other parts of it. I never got and still don’t get acting, even though I did a fair amount of it. In theory its simple: folks get up there and pretend to be someone else. Thats like saying all there is to programming is figuring out all the ifs and thens that you have to write out, and failing to mention all the stuff about data management, memory management, debugging, and optimization. (I once suggested to the professor of my acting for non-acting majors class that I should audition for the local professional theatre, she looked at me like I had 17 heads, needless to say I got the message and didn’t audition.)
Directing a play is even trickier, many actors become directors, because they understand actors and how to coax what they’d like from the actors and artists around them. I on the other hand more likely treated actors and designers as puppets of sorts: Please give me X, Y, and Z. Thank you. I’d like a white dress for the actress in this scene, it should be beautiful and simple.
Treating actors like puppets is the surest way to kill them. (Not literally of course, or maybe literally, I don’t know really, actors are interesting people, treating them like puppets might kill them.)
A theatre professor and director that I worked with for a while told me of a time that she needed a character to be in a white dress for a scene. She wrote a whole paragraph on that white dress for the costume designer. I don’t remember every bit of what she shared with me but over ten years later I still recall that it included describing the dress as if it was an vanilla ice cream cone on a sweltering hot summer day. Not only did she get exactly what she wanted from the costume designer, but the description empowered and drove the costume designer to embrace the director’s vision.
You kill an actor or designer by asking for exactly what you want. You empower and drive them by sharing your vision and challenging them.
Being in the Moment of Loss
Today one of my dear friends, Chris, is leaving Seattle. Today is the day the truck gets packed and she leaves to fly out at 8 pm or so.
Her husband has asked for assistance in loading the truck today. I am free today, however I want to skip helping out. I have a perfectly valid excuse: my ankle is still unhappy from its recent escapade on the side of the street. But that is just an excuse. I want to skip saying goodbye. As if not saying goodbye will prevent them from leaving, or will prevent me from having to experience or accept the loss of my friend.
I’m drawing parallels in my head to my friend Jenni. I never said goodbye to Jenni when I moved to Seatle. My selfishness of not wanting to wait, not wanting to be tied down, not wanting to acknowledge the connections I had to where I lived robbed me of saying goodbye. I’ve seen Jenni since, and I’ve said goodbye when we’ve parted. But it isn’t the same.
This summer has had a remarkable number of friends from UUC who have or will be leaving. I haven’t said goodbye to all of them who have left. The reasons are complicated and pedantic, inconsequential and with consequences.
I want to avoid the moment where we actually say goodbye, as if skipping saying goodbye will prevent her and everyone leaving from actually leaving. All skipping saying goodbye does is save me from being in the moment.
I love being in the moment when its fun, exhilarating, peaceful, meditative, or musical. Not allowing myself to be in the moment of final loss cheapens and degrades those other moments. I know I cannot live fully without accepting both.