Category Archives: Life

Why I secure passwords with SuperGenPass

There’s been a lot of talk about security, passwords, and authentication. As we put more about us online, our passwords become ever so important. Everything from banking to commerce, friendships to resumes, and even our day jobs require passwords.

Passwords are broken

Having worked in information technology auditing, I can tell you that people hate passwords. If I had so many to remember and they were all necessary for me to get my job done, I would simply pick one, easy-to-remember password. Unfortunately, businesses believe this is unsafe and force users to follow silly rules (8 characters, 2 must be numeric, and you must change this password every 60 days). Due to these rules, things become less secure. Two examples:

  1. Passwords start showing up on sticky notes next to computers. Or they are all written down in a handy notebook right next to the computer (typically open to the most frequently-used password). That “easy to remember” password that was in my head is now written down and easy for anyone to access.
  2. Similarly, we use a database like 1Password or some other encrypted database to store all these fancy, super-secure passwords. But, then we protect them behind a single, “easy to remember” password. Now it only takes one password to unlock all your passwords, and we’re right back at square one.

Alex and I feel strongly about password security and he’s written about it many times. Here are my thoughts and what I’ve found works best for me.

SuperGenPass

Very similar to PwdHash, SuperGenPass creates a unique, complex, secure password for every site you use. The steps are simple:

  • Enter a “master password” (eg: puppies)
  • Hash that password against the current domain (eg: facebook.com)
  • Generate a secure string using those two inputs (eg: 4ced9d6f52dc88d02028d34a3625e43d)
  • Truncate the result to X characters (eg: 10)

Here’s how SuperGenPass describes itself:

Instead of storing your passwords on your hard disk or online—where they are vulnerable to theft and data loss—SuperGenPass uses a hash algorithm to transform a master password into unique, complex passwords for the Web sites you visit.

Arguably, the concept of a “master password” means you have one “easy to remember” password that anyone can get to and then use to generate your secure passwords. But, there are a few counterpoints:

  • An attacker would need to know I use SuperGenPass (whoops)
  • They would need to know how long my generated results are (8, 10, 20 characters long?)
  • I use a secure master password which is unguessable and not something I’d write down or use elsewhere
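
The four steps above, sketched as an added example (not part of the original post and not SuperGenPass's own code), next to a key-stretched variant that speaks to the master-password concern. Assumptions: MD5 over `master:domain` with hex output, chosen to match the 32-character example string in the steps; the helper names `siteDomain`, `fastPassword` and `stretchedPassword`, the two-entry suffix list and the PBKDF2 parameters are hypothetical.

```javascript
// Added illustration of the steps in the post; not SuperGenPass's source code.
const crypto = require("crypto");

// Constructed two-entry suffix list for the demo. A real tool needs the full
// Public Suffix List to find the registrable domain reliably.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au"]);

// Reduce a page URL to the domain that is hashed, so that www.facebook.com
// and m.facebook.com produce the same generated password.
function siteDomain(pageUrl) {
  const labels = new URL(pageUrl).hostname.toLowerCase().split(".");
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

function checkLength(length, max) {
  if (!Number.isInteger(length) || length < 1 || length > max) {
    throw new RangeError(`length must be an integer from 1 to ${max}`);
  }
}

// The post's steps: hash the master password against the domain, truncate.
// Assumption: MD5 over "master:domain", hex encoded (32 characters).
// Each hex character carries 4 bits, so 10 characters hold at most 40 bits.
function fastPassword(master, domain, length) {
  checkLength(length, 32);
  const hex = crypto.createHash("md5").update(`${master}:${domain}`).digest("hex");
  return hex.slice(0, length);
}

// Hardened variant (assumption, not SuperGenPass behaviour): PBKDF2 with the
// domain as salt. A single fast hash makes every master-password guess cheap
// for anyone who holds one generated password; stretching makes each guess
// cost `iterations` hash operations instead of one.
function stretchedPassword(master, domain, length, iterations = 200000) {
  checkLength(length, 43);
  const key = crypto.pbkdf2Sync(master, domain, iterations, 32, "sha256");
  return key.toString("base64").slice(0, length);
}

// Constructed sample input, using the example values from the post.
function demo() {
  const domain = siteDomain("https://www.facebook.com/login.php");
  return {
    domain,
    fast: fastPassword("puppies", domain, 10),
    stretched: stretchedPassword("puppies", domain, 10),
  };
}

console.log(demo());
```

Both functions are deterministic, which is what lets the password be regenerated offline, and it also means the strength of every generated password rests on the master password.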

Now that we’re all convinced (right?), the mechanisms of using a password hashing utility are super simple.

  1. Browse to site
  2. Type in master password
  3. Use Bookmarklet or Mobile site to generate hashed password
  4. Login!

Since I use Safari, I have SuperGenPass added to my Bookmarks Bar and I can use Command + 1 on any page to trigger the bookmarklet to enter my password. It then finds any “password” fields on the page and auto-populates them with the hashed version. This is very fast and hardly any more intrusive than simply typing a password into a form.

Simply entering my password into the form and hitting Command + 1 means it is instantly replaced with a super-secure password.

This also works well for me because I can use the Bookmarklet in Mobile Safari (iPhone, iPad). I can pull up the mobile site on any machine in the world. If it’s unavailable? No problem, I’ve stored the mobile site in my Dropbox. Since all that’s needed is JavaScript to run, I can even generate my passwords offline.

Still not convinced? Drop a line or leave a comment to share your thoughts…

Would you rent a computer for $100/month?

Since the most recent MacBook Air was announced, like any self-respecting nerd, I’ve been running some numbers.

The Past

Some context: I’ve used a first-generation MacBook Air as my primary and only computer since July 2008 (27 months ago). This means I use the same computer at work, when I travel, and when I’m on the couch.

Just a mere 800 days ago, I purchased the aforementioned notebook with the following specifications:

  • 13″ display
  • 1.8 GHz processor
  • 2 GB of memory
  • 64 GB solid state hard drive

And it only set me back a measly $2,699. If you can recall the summer of 2008, SSDs were very expensive. I paid heavily for what has been my fastest and favorite computer in the short history of owning laptops.

That said, much has changed in recent months.

The Present

Fast forward to today and Apple is able to offer nearly the exact same computer for a more affordable cost. In fact, 2008 Devin is pissed.

The latest MacBook Air with 13″, 1.8 GHz, 2 GB, and a whopping 128 GB solid state drive (double what I have now) is a modest $1299. Wow. Less than half the price in just two years.

Sure, the cost of computing is always coming down, we all understand that. And frankly, my computing needs have not changed much. So why even entertain a replacement? Isn’t two years a little premature to swap out?

Improvements

The thing that makes the new MacBook Air interesting is the technology enhancements and iterations that have brought it to where it is today. On paper, my old clunker and the new hotness look nearly the same.

But, in reality, much has changed:

  • Improved screen resolution means more pixels in the same space
  • Bluetooth advances that allow me to change songs and volume from a wireless headset
  • Wireless networking advances for accessing faster 802.11n networks
  • Better battery technology that gives me at least 50% more working time per charge
  • Smaller components with more space for more ports (an extra USB and all-new SD card reader)
  • Support for the Apple headphones with remote volume control and mic
  • Less space for a backlit keyboard

Not to mention the obvious: an improved device design that makes the machine a tad lighter, slightly slimmer, and a bit more aesthetically pleasing (at the cost of the backlit keyboard). And these are just a handful of the little things I’ve noticed, I’m sure there are more. I hear Apple is detail-oriented.

So, the current MacBook Air is an improvement over what I have in-hand now. Then comes the money.

The Cost

I’ve been thinking about the cost of replacing devices and the “acceptable” frequency of upgrades. With some quick math, anyone can figure out how to amortize (spread out) the cost of their gadget over a lifetime. Since my MacBook Air is my primary and only machine, I don’t even need to assign any special value based on usage; it’s used 100% of the time:

$2700 / 27 months = $100 per month

The immediate question: did I receive over $100 in value every month I used the original MacBook Air? Have the past two years been “worth it” to even start considering a replacement? Short answer: of course. I use it at work every weekday to earn my fatty paycheck.

A-ha, but Crowd Favorite would provide me with my own computer. I happened to opt to use my own. This now becomes a different question for me, personally.

Put another way, would I pay $100 to use this notebook every month for the past 27 months? Still, yes.

Taking any possible side income out of the equation, I would pay $100 every month for the ability to do the following:

  • Upload, store, manage my large photo and music collections
  • Connect with friends and family that don’t live nearby via Facebook and Flickr
  • Download podcasts and sync them to various devices
  • Browse my email, twitter updates, funny cat pictures, etc.
  • Compose new blog posts, manage my website, and self-educate
  • Watch videos on Netflix, Hulu, TED and entertain on streaming video sites
  • Manage household finances and to-do lists
  • Play games like World of Goo

All things considered, I can do a lot for under $100 a month. Heck, most people pay close to that just to watch HBO shows and high-definition football games.

The Point

Most would look at dropping a couple grand as a fairly important purchase and avoid it as much as possible. But, rethinking the cost in more manageable and relatable numbers will help realize it’s not that scary. We all know our monthly bills and monthly income, so why not re-think a purchase like a new notebook accordingly?

Would you pay $100 per month to rent your personal computer?

(If you hadn’t realized already, this is my round-about way of convincing myself it’s okay to buy a new, expensive, and potentially unnecessary gadget. Ha!)

How to quickly make pretzel necklaces

I like beer (we recently started homebrewing) and I like conventions. That’s precisely why I’m excited for my first Great American Beer Festival which is conveniently located here in Denver.

One pro-tip brought to our attention was to bring food to a half-day beer tasting convention. Sure, that makes sense. But what is the most convenient and tasty beer-related food you can bring[^1]?

Pretzel necklaces with a pencil

If you haven’t seen pretzel necklaces before, they’re simply a piece of string with hard pretzels, soft pretzels, Funyons, and any other hole-based snack hanging from your neck. Think candy necklaces for adults.

You can make a bunch of them quickly if you use an unsharpened pencil or pen to stack up a bunch of the pretzels at once.

Just tape the string to the top of the pencil, slide the pretzels onto the pencil and voilà. Now you don’t have to fumble with threading a flimsy string through a hole.

The tool of choice: a non-sharpened pencil with string and tape

Free business idea

I was able to make 3 necklaces this way in less than 5 minutes. I could likely sell one of these for a few bucks at the door while everyone is waiting.

In short, 36 necklaces per hour at $3 per necklace means over $100 for a quick hour of work.

[^1]: Some experts say these make you look “dumb” and may screw up your palate. We’ll see about that…

Fisherman's Wharf

Visiting San Francisco

This past weekend Rachel’s family and I visited San Francisco for a little weekend getaway. We stayed in SoMA which is always a nice downtown experience. With Samovar Tea, SFMOMA, and an Apple Store within walking distance, what else could you ask for?

Beyond the typical attractions (Fisherman’s Wharf) we had a chance to explore some of the less hectic areas in the Bay area. One foggy afternoon we had the pleasure of taking a leisurely walk around Golden Gate Park. This park alone is worth the cost of living in San Francisco. I felt the same way about Washington Park in Portland, Oregon.

We also enjoyed walking around the Marina area and visiting the Exploratorium. I’ve been to some pretty good science museums (Denver, Smithsonian) but this place is amazing. The energy and exhibits possibly could’ve kept us there all day.

On Sunday morning we woke up early, crossed the Golden Gate Bridge and stopped in Sausalito to grab breakfast at Fred’s Coffee Shop. The fried french toast was unanimously decided to be as good as it sounded.

We moved on to Muir Woods and spent most of the morning hiking through the redwoods. Having lived in Colorado and traveled much of the Rocky Mountains, I can safely say those trees are unlike any you’ll find inland. It’s a good thing we arrived early because by 10 AM there were busloads of visitors showing up and lines of cars waiting to park. It was not unlike showing up at an amusement park or a beach on a crowded summer weekend. Though, I did realize that what I like most about California mountain roads are the steep pitches and sharp turns; things that can’t coexist with snow.

Services for busy people

This is such a first world problem I thought about not posting it. But, I feel there’s an opportunity to make some money and make people happy. I hope I’m not the first to think of this…

How often do you come home to a “missed delivery” notice? I often get it once a month because I forgot to change the shipping address to my office. I’m one of the lucky ones: many people can’t have things shipped to them at work. Consultants are in a different location every week. Where is the delivery service that can drop off my package at my house between the hours of 6 and 10 PM?

Do you hear horror stories of trying to schedule a doctor’s appointment? Not only do they not answer the phone between 12 – 1 (because that’s their lunch break, coincidentally the only time some of us have a chance to make personal calls), but some of us have to take a half-day from work just to get there, sit and wait, meet with the doctor, and then go back to work. What about an oil change? Most of us go to our jobs somewhere between the hours of 7 AM – 7 PM. Oh, and you’re closed on Sundays? How convenient, that’s a day of rest…

Is there no demand for an “after hours” delivery service to make sure I don’t have to drive 10 miles out of my way to get that package I missed? Are there really no doctors willing to work evenings (after we all get off of work) so they can spend the day with their kids? And you’re telling me nobody at Jiffy Lube will work on evenings or Sundays? Let’s be real…

Services like [UberCab](http://ubercab.com) are headed in the right direction. They are geared toward people willing to spend a few extra bucks for regained time and service on our schedules.

Your current possessions

>You will need to divide your current possessions into four major categories.
>1. Beautiful things.
>2. Emotionally important things.
>3. Tools, devices, and appliances that efficiently perform a useful function.
>4. Everything else.

[The Viridian Design Movement](http://www.viridiandesign.org/2008/11/last-viridian-note.html)

Found via [David’s Log](http://www.davidslog.com/806912418/i-just-wanted-to-give-credit-for-liquidity-is-the) and [Tim Shey](http://tim.shey.net/post/810861819/credit-and-stuff), this is an excellent read on a recurring theme in thinking about possessions; from quantity to quality.

You should include your email address in your signature

Most people will argue that your signature should not include your email address. It’s overkill; it’s redundant. Sure, for one-on-one conversations it makes no sense: you just emailed them.

But, if you’re forwarding an email or get involved in a thread later, your email client usually does not include full email addresses in the quoted reply/forward content.

Thus, you see “Jim Smith” was looped in early on but don’t have his email address to loop him back in. Or you are forwarded a message that needs follow up but all it says down below is “From: Mark Johnson (Acme Co).” What now, Mark?

Plus, you may have a dozen different accounts that end up at the same inbox. Adding your email address in your signature helps you communicate your preferred address and avoid misdirection in the future.

Ensuring your email address is somewhere in your initial message avoids these situations. No matter how much we use it, email is hard sometimes… let’s make it a little easier for each other.

23andme for adoptees

There has been plenty of coverage of [23andme](http://23andme.com), lately[^1]. Like any self-respecting nerd (I took three years of biology in high school) I had my own DNA analyzed. If you’re not aware: you send a spit sample which is reviewed for known DNA markers to help identify traits, your propensity towards certain diseases and ancestry.

While I agree the ability to learn more about diseases (as an individual and the scientific community at-large) is an amazing step, I’m also interested in learning what was previously dismissed as un-knowable. Having been adopted at birth, I’ve only had a superficial understanding of my ancestry. Not knowing my biological family, I’ve had no insight into any history of diseases or traits, either.

For many people, they can say “grandma had Parkinson’s, and her sister did, too” and understand there is a chance they’re pre-disposed to this disease. Or people can look at their father and say “well that’s where these freckles came from.” Though incidental, these are experiences and conversations I’ve never had throughout my life.

It’s interesting to me how 23andme has closed a gap that some might not even be aware of. It’s helped shift knowledge back to the individual.

[^1]: I always point people to the WIRED article about [Sergey Brin’s search for a Parkinson’s disease cure](http://www.wired.com/magazine/2010/06/ff_sergeys_search/).

iPad is for consumption, so what?

People think that the iPad is going to destroy a lot of wonderful things about computers: [tinkering](http://diveintomark.org/archives/2010/01/29/tinkerers-sunset) and [programming](http://al3x.net/2010/01/28/ipad.html), [creating](http://www.buzzmachine.com/2010/04/04/ipad-danger-app-v-web-consumer-v-creator/) and publishing. So what does that leave us with? Consumption. Or in other words, being an audience.

I’ve heard this labeled as a problem: something to the clever tune of a “120% consumption rate” or: we have more people consuming than producing content online.

So what?

– I read much more in-depth articles and stories thanks to the excellent [Instapaper](http://instapaper.com/) app.
– I have read more books in the past year using iBooks and Kindle than anything printed on paper.
– I’ve watched almost all 700 [TEDtalks](http://ted.com/) posted online.
– I can skim many more RSS feeds thanks to NetNewsWire and Reeder.

In short, I learn more, read more, and find more interesting thoughts and opinions that prompt me to write and share my own.

I don’t see anything wrong with this. In fact, I think this is a great thing. I’m spending more time with higher-quality content than if I were to turn on the TV, throw in a DVD, or spend 30 minutes browsing friends’ photos on Facebook.

Steve Jobs has famously said:

>You watch television to turn your brain off and you work on your computer when you want to turn your brain on.

By this definition, I feel the iPad is a computer and I bet Steve agrees. Many others are categorizing it as a television. People are not simply picking up iPads to turn off their brains (arguably Plants vs Zombies is a game *dedicated* to brains, but I digress), many are also picking up a new device that allows for meaningful consumption.

WordCamp Boulder 2010

As with last year[^1], [Crowd Favorite](http://crowdfavorite.com/) will be hosting and organizing the local [WordCamp conference for the Denver/Boulder area](http://2010.boulder.wordcamp.org). If you don’t know, WordCamp is a WordPress conference for people of various backgrounds and interests (it’s like no other conference I can think of). I’m excited to see how our [Hydeified](http://andrewhy.de) approach works out this year. We’re always open to suggestions and ideas, feel free to reach out.

[^1]: I organized WordCamp Denver 2009 at the Denver Art Museum. I wrote a [recap](http://wordpress.reams.me/wordcamp-denver-2009-organizer-recap/) here.