How secure are your passwords?

by Law Metzler 13. July 2009 15:55

Here's a little quiz.  How many passwords do you have?  How complex are your passwords?  How do you remember your passwords?

Personally, I know more than 100 passwords.  I remember passwords to all my accounts, all my computers, servers, databases and most of my clients' systems also.  As a general rule of thumb, passwords I create are relatively complex and considerably strong.  I use upper case, lower case, symbols, avoid dictionary words and have at least 8 characters in my passwords (at least the ones that matter).  I do this because of the inherent belief that weak passwords are bad passwords.  They are susceptible to brute force attacks.

But does that really matter in the long run?  A newly published paper argues that it's really not that important.  The paper is easy to read and well worth it, but I'll summarize (and improvise) here.

Let's start with the first key problem with passwords:  Who are you supplying your password to, and how often do you reuse the same password?

Your password can be 102 characters, use every symbol and be generated by putting tape on a cat's foot and letting it run across your keyboard; if you use this password more than once you could be opening yourself up to a severe spanking, depending on where you use it.

Some sites still store your password in clear text.  This means that, in their database, there is a simple string holding your password in all its 102-character, cat-induced glory.  Any database admin (or maybe even a low-tech customer support rep or a bored manager with too many privileges) can see what your password is (not to mention the ever-so-dangerous possibility that the site you are logging into gets hacked).  With a little bit of research, they can probably learn a lot about you and use that password anywhere else you have it (do you use the same user name in multiple places with that same password?).  It is almost ALWAYS a bad idea to store passwords in plain text.  But how can you tell if the application or web site you are using is storing your password in clear text?  Simply put, you can't be sure, but if the site can send you your existing password by email, it is either storing the password in clear text or encrypting it reversibly (sometimes mislabeled a "two-way hash", though a real hash cannot be reversed), which is almost as bad: whoever holds the key, or the server that holds it, can recover every password.  A site that can only send you a reset link, never the password itself, is at least not keeping it in recoverable form.

So to avoid this possibility, you generate a new 100-character password, with all the bells and whistles, for every site you give your password to.  The downside of this is that it's getting harder to remember your passwords (and your cat is starting to glare malevolently at you and your keyboard now).  Even if you degrade it to 10 characters, it still starts to become tiresome to remember all your random passwords.  So now you rely on other tools to remember your passwords for you.  Maybe you save your passwords in your browser.  Maybe you write them down on post-it notes stuck to your screen.  Whatever it is, you are a secure trooper, knowing that if one password is broken you will still be safe.

Unfortunately, now we enter the biggest threat to your passwords: Trojans, Viruses and Bears, oh my! (alright, not really bears).

Unlike the brand used for protection, a computer Trojan is one of the most detrimental things you can encounter in the online world (right up there with people who use smiley faces after every sentence).  A key-logger Trojan will record every key, click and action you perform.  This means it will record every site you go to and every password you enter for that site.  It will then send that information off to its mother ship and before you know it, all your passwords are hacked.  A virus can read all your stored passwords on your system and send them off, which is why the browser or post-it approach above only moves the problem: the passwords are all in one place, on the machine most likely to be compromised.

So what does that tell us?  First, it tells us that we really need good antivirus software on our computers.  Second it tells us that all our efforts at keeping our passwords secure can come to naught very easily.

This is the crux of the paper: Adding strong requirements only complicates users' lives and does little or nothing to ensure safety.  In the end, if someone wants your password bad enough chances are they can get it.

But service providers (aka web sites) should do something to help mitigate the damage.  First, no one, and I mean no site ever, should store passwords in plain text, and should almost never store them reversibly encrypted (the so-called two-way hash) either.  Second, if using a one-way hash, they SHOULD use a suitable one, as not all one-way hashes are created equal (I'm looking at you, MD5!): a plain, unsalted, fast hash lets an attacker who steals the database crack it with precomputed tables and billions of guesses per second, so the hash should be salted per user and deliberately slow (an iterated scheme such as PBKDF2 or bcrypt).  Third, all sites should implement a lockout feature for failed log-ins.  This one aspect alone can pretty much eliminate brute force attacks through the login form (it does nothing, of course, once someone gets hold of the database from the outside, which is why the second point still matters, and it can be abused to lock a legitimate user out, so it is usually paired with per-IP limits or a CAPTCHA).
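As an added example (not code from the original post), here is what the second and third points look like in Python: an unsalted MD5 "before" beside a salted, iterated PBKDF2 record, a constant-time verifier, and a per-account lockout that also burns the same verification time for unknown usernames so a timing difference does not reveal which accounts exist.  The iteration count, the lockout thresholds and the `LoginGuard` name are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Optional

# Parameters chosen for this example, not taken from the original post.
PBKDF2_ITERATIONS = 100_000   # raise over time as hardware gets faster
SALT_BYTES = 16
MAX_FAILURES = 5              # failed attempts before the account locks
LOCKOUT_SECONDS = 900         # how long the lock lasts


def weak_md5(password: str) -> str:
    """The 'before' case: unsalted, fast MD5.

    Equal passwords give equal hashes across users, so one cracked hash
    cracks every account sharing it, and precomputed tables apply directly."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened case: per-user random salt plus a deliberately slow derivation.

    The record is self-describing ('pbkdf2_sha256$iterations$salt$digest') so
    the iteration count can be raised later without breaking old records."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the derivation with the stored salt; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest, expected)


# Verified against for unknown usernames so the response takes the same time.
DUMMY_RECORD = hash_password(os.urandom(8).hex())


class LoginGuard:
    """Lock a username after MAX_FAILURES consecutive bad attempts.

    This throttles guessing through the login form only. It does nothing
    against offline cracking of a stolen database (that is the job of the
    slow hash above), and anyone who knows a username can lock that user
    out, so real deployments pair it with per-IP limits or a CAPTCHA."""

    def __init__(self, records: Dict[str, str],
                 max_failures: int = MAX_FAILURES,
                 lockout_seconds: float = LOCKOUT_SECONDS) -> None:
        self.records = records                 # username -> stored record
        self.failures: Dict[str, int] = {}     # username -> consecutive failures
        self.locked_until: Dict[str, float] = {}
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds

    def login(self, username: str, password: str,
              now: Optional[float] = None) -> str:
        """Return 'ok', 'denied' or 'locked'. `now` is injectable for testing."""
        if now is None:
            now = time.monotonic()
        if self.locked_until.get(username, 0.0) > now:
            return "locked"     # refuse even a correct password while locked
        record = self.records.get(username)
        if record is None:
            verify_password(password, DUMMY_RECORD)   # burn the same time
            ok = False
        else:
            ok = verify_password(password, record)
        if ok:
            self.failures.pop(username, None)
            self.locked_until.pop(username, None)
            return "ok"
        count = self.failures.get(username, 0) + 1
        if count >= self.max_failures:
            self.failures[username] = 0
            self.locked_until[username] = now + self.lockout_seconds
            return "locked"
        self.failures[username] = count
        return "denied"


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple")}
    guard = LoginGuard(users, max_failures=3, lockout_seconds=60)
    print(weak_md5("hunter2") == weak_md5("hunter2"))            # True: no salt
    print(hash_password("hunter2") == hash_password("hunter2"))  # False: salted
    for attempt in ("wrong", "wrong", "wrong", "correct horse battery staple"):
        print(attempt, "->", guard.login("alice", attempt, now=0.0))
```

The record format is the point worth copying: because the iteration count travels with the hash, the site can raise it for new passwords while old records still verify, which an unsalted MD5 column can never do.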


Microsoft releases ECMA C# to community

by Law Metzler 7. July 2009 15:53

Yesterday, Peter Galli announced that Microsoft will be releasing C# and the CLI under the Community Promise patent license.  This means, in essence, that the Mono community can breathe a little easier in deploying applications that utilize the CLI.

I fully believe that the .Net environment and C# are great tools.  Microsoft has a strong language that really helps RAD development, and it is heartening to know that we'll be able to use these in other environments besides Windows if needed.


Open Source Search Engine Comparisons

by Law Metzler 7. July 2009 15:51

There's a nice little writeup on a comparison of various open source search engines.  We've been using Lucene and Lucene.Net (not explicitly tested) here at Bambit for many years in various projects, and it's nice to see that it is still at the top of the comparisons.


Copyright, linking and the fate of the newspaper

by Law Metzler 30. June 2009 15:49

Alas for the poor newspaper industry.

It's becoming more and more difficult for those in the printed news industry. Revenues have been dropping consistently as more and more people get their news from online sources, not to mention the hit they take in classifieds thanks to sites like Craigslist.  What are we to do?

Personally, I like newspapers, and I read them often.  I spend my entire life looking at a computer screen and, while throughout the day I do get the majority of my news from the Internet, I still enjoy spending my mornings reading a newspaper article. The articles I enjoy the most in a newspaper are the investigative pieces.  Then of course, there's the crossword puzzles I enjoy.  And I always read the intellectual section (aka the comics).

But I also don't really read the national papers too much, preferring to read the local SunSentinel and Miami Herald instead (which is odd since, I usually only quickly glance over most of the local sections).  And I can see how people are just not as happy with papers as they used to be.

I think the main problem with newspapers, in truth, is the fact that they are no longer carrying news, but rather yesterday's news.  When a big story breaks, I get email alerts nearly instantly.  If it interests me, I can read the story on a score of sites immediately.  And those stories that aren't big enough to warrant an email alert...well, I check my aggregator sites at least 3 times a day.  So in essence, when I want to know what's going on, I know it immediately. (not to mention I usually have NPR on all morning long)

With the paper, all I am getting is a regurgitation of the facts I already know.  And the intellectual section.  And I am by far not alone.  So in essence, the newspaper is simply a dying industry, unable to keep up with the rate of change of the world.

Yet, I also subscribe to several news magazines, both weekly and monthly.  This is because they are articles, rather than news stories.  News is the chronicle of events that occurred, articles allow a deeper research into the causes, backgrounds and surrounding issues around an event, along with opinion and thoughts of how the events may affect the future.  This is why magazines, even news magazines, are more resilient to the change of pace of news: they have the time (even weeklies) to research, organize and report that a daily newspaper simply does not.  Having a week to perform this is a lot more time than a day, so perhaps this is one area where newspapers still can't compete.  And if so, again, they are simply a dying industry.  It happens.  New innovation destroys old industries.  It's called capitalism.

But there are those who think that newspapers are too important to fail.  If we don't have newspapers, who can we trust to give us unbiased news? (I don't know how often I can consider any story, article or segment unbiased, but that's not the real issue) 

So if they are too important to fail, what can we do to save them?  Obviously, stop that which is causing them to fail. 

And with that, we reach a certain US Court of Appeals judge named Richard Posner.  He has an argument in his blog that says, at the end, linking to news stories should be illegal:


"Expanding copyright law to bar online access to copyrighted materials without the copyright holder's consent, or to bar linking to or paraphrasing copyrighted materials without the copyright holder's consent, might be necessary to keep free riding on content financed by online newspapers from so impairing the incentive to create costly news-gathering operations that news services like Reuters and the Associated Press would become the only professional, nongovernmental sources of news and opinion"  -- The Future of Newspapers, Becker-Posner Blog

What he suggests would then make what I just did illegal.  Although he is mainly targeting aggregator sites, it would affect everything posted on the Internet.  In a global sense, imagine not being able to link to a product page of a web site because the description of the product is technically copyrighted.

This is ridiculous in the extreme.  Laws should never be enacted (or expanded) to try to save a dying industry.  This is anti-American.  Innovation leads to new products and services and that's what has kept America growing and leading the world.  And copyright law, as it stands in this country, already stifles innovation.  It is built now to keep corporations from having to create new when they can rely on old.  There's that new and old comparison again.


Windows 7 Release Approaches

by Law Metzler 17. June 2009 15:47

In a few months (October 22 to be precise), Windows 7 is set to be released.  To some, this is a wonderful time, as Vista was none too well received.

Let me start by saying that Vista, from my view, had two major problems:

1) it was excessively bloated.  The memory and power usage for running Vista was significantly greater than XP and don't even get me started on the graphics requirements (at least if you wanted all the pretty effects)

2) The User Account Control.  This is the annoying pop-up anytime you wanted to do anything requiring you to run it as an administrator.  This one, I can at least understand a little better.  In essence, it was made to stop people from doing things on their computer without realizing it (such as downloading and installing malware unaware).  And for the general populace of computer users, it's not such a bad thing.  But for someone who is a little more proficient and understands and is willing to take the risks, it's just an annoyance.  There are lots of programs I run that HAVE to be run as administrator, and while it may seem like nitpicking to complain about clicking an extra time to start a program, it tends to be a bit frustrating (Nitpicking would be complaining about not having Telnet installed by default...come on guys, really?  You don't think that's a pretty useful tool?)

As I said, all in all, Vista was not that bad in my eyes, half my Windows systems use Vista, the other half XP.  But even though I never considered it that bad, I did advise more than 1 client to remain in XP.

So now, along comes the strangely named Windows 7 (should be Windows 6.1 truthfully, but that's just not as awe inspiring as that dominant number 7).  And I've been playing with it and...it's nice.  I have the RC installed on one machine in our office, and one of our developers is using it as his daily machine, complete with email, development tools, browsers (all the ones we normally test with) and every other day to day item.  All in all, it takes a day or two to get used to the new task bar, but once you do, it's pretty smooth (There's a nice history and explanation of the task bar at Ars Technica, and Gizmodo expresses the opinion that the Windows task bar beats Mac OS X's Dock).  So this is one I will be encouraging companies to upgrade to when they are ready.  (Still no clear reason to jump the first day, especially in this economy)

With that said, for those companies that like to or need to stay with a homogenized OS environment, there is one thing that InfoWorld points out: If you buy a new PC before April 23rd 2010, you'll be able to downgrade to XP and then upgrade to Windows 7 when you are ready. After April 23rd 2010, your only option is to downgrade to Vista if you want.

For some, this isn't a big deal, but for those who are still completely XP shops, it starts to put a damper on your days. Just something to be aware of.


When Communication Is Taken Away

by Law Metzler 15. June 2009 15:45

Most of the world knows that there's trouble in Iran with its citizens.  After an intense election, many of the people seem to think that the election was rigged.  While I will leave that speculation to better political brains than mine, I find the most chilling aspect is that Iran has apparently begun locking down communication by locking down access to social sites like Facebook and stopping SMS messaging on cell phones. (For those interested in some of the technical aspects of the Internet traffic, Reneys has a break down of the routing aspects)

It's times like this I truly am glad I live in America.  I have always been a big believer in freedom of speech and that knowledge is power, and these two things have helped to make the USA the world leader it is today.  While I can lament the many small liberties that have been taken from us in the name of security, I hold strong to the belief that we'll come to our senses before we reach the point where the government will be limiting our speech with each other.


Print Media vs the Internet

by kboyle 18. May 2009 15:42

      Print media seems to be on the ropes these days, writhing against the information super highway.  Let's face it, not many people can see their dog fetching the morning laptop and slippers. But a vast majority of people in the workplace do start their day chasing down headlines and news stories on their computer. Print media is up against blogs, wikis, podcasts, and forums. Audio books are gaining popularity, with the advent of sites like iTunes and Amazon.com.  Add the fact that more and more people do their research online rather than use the library, and it paints a rather dim future for the print media industry.
"Most techies have also been getting tech news from sites like Slashdot  for a while, and aggregators like Digg are used more heavily  among techies than any in the rest of the news media. So there is a good chance, that today’s tech news trends are a foretaste of what’s ahead for the broader media world."- Jovan Washinginton (thetechbrief.com)
      And now with the recent "green" push, there is more pressure brought to bear on the world of print media. It would seem like the written word has seen its day and its fate is sealed. Only that every computer you buy has written instructions on how to set it up and operate it! (I guess irony will never go out of style)
Paper has always had a portability advantage over its electronic brethren, requiring only light to use it. But with portable electronics on the rise, the gap has shortened considerably.
      So the internet brings to the table speed, environmental friendliness, and free expression while print media will always have a certain charm and warmth that the internet will never have.


Welcome to the Bambit Blog!

by Law Metzler 1. May 2009 15:39

We started this blog as a place to share some thoughts, concepts and ideas with all who wish to enjoy. Over the coming weeks, months and years, we here at Bambit will be posting on various topics, usually related to software development and programming, or technology in general. We invite you to join in any discussions. If there is a topic you would like to hear our musings on, please feel free to contact us about it.
