Why your password can’t have symbols—or be longer than 16 characters | Ars Technica

Why your password can’t have symbols—or be longer than 16 characters | Ars Technica: “The password creation process on different websites can be a bit like visiting foreign countries with unfamiliar social customs.”

(Via. @lars on App.net)

When I was young, I remembered everything. Now I am old, and I remember nothing. And I’ve surrendered to password madness. I’ve stored all my passwords in safe since 2007, with my encrypted data file in Dropbox, so I can access it from any machine that runs Ruby. This way, I have to remember only one password, which is long and complex and just onerous enough to type that I feel safe without feeling overburdened.

Unfortunately, neither my iPhone nor my iPad can run safe, so I bought 1Password and supplement my safe usage with that. I even use the same onerous password for 1Password that I use for safe, but for some inexplicable reason I used a different password on my iPhone that I no longer remember, so it’s useless to me. I should delete everything and reload, but I’m ashamed to admit I did that once before.

For the website I work on for my employment, we have several different environments with different user IDs and passwords that expire more rapidly than I can type, so I just reset them everytime I log in and mash the keyboard like a Whack-A-Mole for my new passwords that I’ll never remember.

Our new lunchroom food system got smart, though–the automated checkout system eschews passwords for thumb scans. No passwords stand between me and Coke Zero!

More on “Where next for Grails”? • GRAILS.IO

More on “Where next for Grails”? • GRAILS.IO: “Grails 3.0 will be a reinvention of the framework that you love, and we will be making some hard decisions about what we support in terms of backwards compatibility. With Grails 3.0 we plan to allow the creation of applications in different architectural styles. Servlet API applications will always be supported, but we plan to make ‘create-app’ extensible, so that Grails can be used to create a range of types of applications (Batch, NIO, Netty, ‘static void main’ etc.).”

I saw this link in a tweet from @jeffscottbrown, and it points to the impact JavaScript is making on web development, whether with rich client apps or node.js on the server. Better to see them acknowledge and embrace the shift.

I did some Grails work a few years ago, and really liked it. Reading this post made me realize I miss doing Grails and Groovy–I’ll have to find an excuse to get back to them!

BTW, however much this domain’s name seems to derive from Grails, I’d never heard of Grails when I registered grailbox.com in August of 2006. Some web poking reveals that work on Grails got underway in 2005, but I didn’t hear about it until much later. My vision for grailbox focused on office productivity tools: (holy) grail + mailbox. I guess I haven’t done much on that front, though!

A $5 app isn’t expensive: Customers need to help fix the App Store economy | Macworld

A $5 app isn’t expensive: Customers need to help fix the App Store economy | Macworld: “You don’t buy a Kindle just to enjoy the dictionary and manual that come pre-installed on the device. You shouldn’t buy an iPhone to enjoy only free apps, either. You’re cheating yourself, all because we’ve become conditioned to feeling that $5 is a lot to spend on an app. It’s okay to pay for good products.”

That’s the best line in a great article.

I’m astonished at how little people value software these days. “Didn’t have feature X! Complete waste of a dollar!” Yet they waste dollars willy-nilly by leaving lights on when they walk out of rooms. Great software can only be produced by great skill and great effort. Use great software, pay for it, and you’ll be happier.

Introducing Wry: A Command-line App.net Client

I’ve released a command-line App.net client for Mac OS X: Wry. Its home page is http://grailbox.com/wry. It’s released under the MIT License, and is hosted on github at https://github.com/hoop33/wry. Check it out, and let me know what you think!

Application Idea: Virtualize Cloud Storage

I have a Dropbox Pro account with 107.5GB of storage, an iCloud account with 15GB of storage, and free accounts with Box (50GB), SpiderOak (2GB), GDrive (5GB), SkyDrive (7GB), ASUS WebStorage (8.5GB), Cubby (5GB), and UbuntuOne (5GB). I have plenty of cloud storage space. What I don’t have is a good way to manage that space.

Each of those cloud storage options operates as an island. Most create a directory in my home folder that its daemon syncs to the cloud. I can set preferences on my various devices for what gets synced inside that folder, but that folder is its own beast. If I want to save something to the cloud, I have to decide which cloud service to sync to and either save to that directory or otherwise upload to that service.

I got to thinking: what about an app that virtualized all that storage into a single virtual drive? This app would take care of managing which service to save files to, depending on file sizes and free space, and could even replicate files across services for my peace of mind. Sounds fun to build and definitely useful.

As I thought about it, though, I realized this app would have two issues:

1. It doesn’t seem very sporting. These cloud services need paid customers to stay afloat. My proposed app could entice people to never pay for any cloud services, mooch the free services, and let the app take care of never running out of space.
2. The primary target audience would be the people mentioned in objection #1, and they’re cheapskates. Not only wouldn’t they pay for cloud storage, they also wouldn’t pay me for the app, either.

GeekTool Won’t Let Me Drag an Icon to the Desktop

TL;DR — Turn off Path Finder desktop to use GeekTool.

I’ve been meaning to install GeekTool on my new Mac that I bought, um, over two years ago. Time flies. Anyway, I installed it from the App Store, ran it, and tried to drag an icon to my desktop as the instructions say. I kept experiencing these symptoms:

When opening GeekTool, I am welcomed to a blank Properties box with just “Geeklet Settings”. Many tutorials have told me to drag either “file” “Images or “Shel” onto the desktop. I do this and nothing happens. The little black box that appears when you click and drag bounces back up to the GeekTool 3 preference box.

http://forums.macrumors.com/showthread.php?t=1199533

The remedy most often listed was to uninstall and reinstall, but before I did that, I realized: I wasn’t actually dropping the icon on my desktop. I was dropping it on my Path Finder desktop, which I enable in Path Finder’s settings (Features > Show Path Finder desktop). That  makes a difference! I turned off the Path Finder desktop (admittedly, I don’t know what it offers, so I don’t know what I’ve lost), and BOOYAH! Dropping GeekTool icons now works.

Microsoft Doesn’t Want Me Using Windows 8

Upgrade to Windows 8 – Microsoft Windows:

Purchasing a full version of Windows 8

If you want to build your own PC and install Windows 8 or Windows 8 Pro, or want an additional operating system running in either a local virtual machine or separate partition (including a Mac), you can purchase the Windows 8 or Windows 8 Pro System Builder products (OEM versions). If available in your country or region, Windows 8 and Windows 8 Pro System Builder products can be purchased at participating stores, you’ll need to ask a sales rep for more information. This version does not include customer support.

I was idly thinking about buying Windows 8 to run in a VM on my MacBook Pro, so I could play around with it. I used to run a Windows 7 VM on my MBP, but it annoyingly kept self-reporting as not genuine and googling showed a lot of people had the same problem and the cure required more effort than I was willing to give to Windows 7. Consequently, I’ve been without any access to testing web sites on IE for a long time, which feels liberating yet irresponsible.

Chrome took me to the Microsoft online store, where I saw that I could download Windows 8 for $40, but that was the upgrade version only. I should be eligible to upgrade, as I have an NT 4.0 full version disk and an XP Home Upgrade disk and a Windows 7 Upgrade disk, but that sure created cranky installation sequences in the past that required trickery to execute (and then ultimately fell apart anyway), so I’ve no interest in a repeat run.

Now I read that Microsoft doesn’t have much interest in my type. No Windows 8 Full-Version downloads–you can only buy it from a brick-and-mortar (after asking a “sales rep”)? And I get no support, even though I’d probably pay more than an upgrader? If the DRM breaks or my VM can’t phone home to authenticate, I’m just taking it on the chin?

Well played, Microsoft–that is, if you’re intending to limit your audience. Maybe you’re more embarrassed about Windows 8 than you’re letting on.

Kill the Password: Why a String of Characters Can’t Protect Us Anymore | Gadget Lab | Wired.com

Kill the Password: Why a String of Characters Can’t Protect Us Anymore | Gadget Lab | Wired.com: “Think of the dilemma this way: Any password-reset system that will be acceptable to a 65-year-old user will fall in seconds to a 14-year-old hacker.”

Mat Honan nails it: the password system is irretrievably broken, and the only security any of us really have is our relative anonymity. We aren’t hacked because we don’t matter, not because our defenses are too strong. And we don’t get to decide if and when we matter enough to be hacked.

More quotes from the article:

Last spring hackers broke into the security company RSA and stole data relating to its SecurID tokens, supposedly hack-proof devices that provide secondary codes to accompany passwords. RSA never divulged just what was taken, but it’s widely believed that the hackers got enough data to duplicate the numbers the tokens generate. If they also learned the tokens’ device IDs, they’d be able to penetrate the most secure systems in corporate America.

Whoops! The apparent security that the SecurID widget thing on your keyring may not be protecting anything!

How about Gmail’s two-factor authentication? Honan tells the story of Matthew Prince:

Prince’s hackers used the SSN to add a forwarding number to his AT&T service and then made a password-reset request with Google. So when the automated call came in, it was forwarded to them. Voilà—the account was theirs. Two-factor just added a second step and a little expense.

Read the article. You’ll cringe all the way through it. Honan finishes with:

Times have changed. We’ve entrusted everything we have to a fundamentally broken system. The first step is to acknowledge that fact. The second is to fix it.

Designing by Making: your process for arranging furniture can point toward a good process for UI design

Designing by Making: your process for arranging furniture can point toward a good process for UI design:

Many contemporary design process artifacts like field interviews, a wall of post-it notes, and paper prototypes reflect an increasingly antiquated premise: that building a real thing is much more expensive than producing a design. 

Later:

Much software is still designed this way, even though the economics of user interface implementation have changed radically. The effort required to create useful, functional, beautiful, reliable, and performant software application user interfaces has been dropping for years, and this trend will continue for the foreseeable future.

Love the furniture-moving analogy. The best designs emerge through iterations, and we must continue to shorten the time and flatten the curve required to build user interfaces to improve what we’re pushing out to users.

(Via flow|state)

Everything’s broken and nobody’s upset /via @shanselman

Everything’s broken and nobody’s upset:

Here’s the worst part, I didn’t spend any time on the phone with anyone about these issues. I didn’t file bugs, send support tickets or email teams. Instead, I just Googled around and saw one of two  possible scenarios for each issue.

1. No one has ever seen this issue. You’re alone and no one cares.
2. Everyone has seen this issue. No one from the company believes everyone. You’re with a crowd and no one cares.

Sadly, both of these scenarios ended in one feeling. Software doesn’t work and no one cares.

(Via ComputerZen.com – Scott Hanselman)

Here’s two of my own in the last week, both involving the Linux machine that my daughter uses for Florida Virtual School:

1. Audio output was garbled, so her online classroom lectures was difficult to understand. I looked in the Settings, in the Sound applet, and changed the output from Stereo to 5.1 Stereo, or something like that. I’m going from memory, so don’t hold me to the exact settings. The sound instantly became crystal clear.
2. After building a graph online using the FLVS software (Flash-based), she clicked the link in Firefox to download her graph. Nothing happened. She clicked the link to print her graph. Nothing happened. I looked at both links and saw that they were Javascript links that popped up a window with either a link to download.aspx or pint.aspx, so I turned off the pop-up blocker in Firefox and tried clicking. Still nothing. So, I pulled the relative URL from the HTML source, tacked it to the rest of the URL, and opened it in a new tab. Bingo–I was able to download the file.

My daughter is a straight-A 6th grader who had no hope of resolving these problems. Here’s another interesting tale about her: she called me today and said, “Dad, how do you charge your nook? I found the nook charging cable and plugged it in, but nothing’s happening. Apparently, you have to plug the other end into something, too, but I don’t know what.” You’d think, based on that, that computing devices lie just beyond her ken, but she texted me a video of what she was doing to try to charge the nook. Smartphones, apparently, she can do fine.

As I’m typing this, a group of computing professionals surrounding me are cursing the Confluence security model because we’re trying to grant Edit access to certain individuals, for certain pages, and things seem to be set up correctly–but no one but the author of a page gets the Edit link for that page. These aren’t neophytes who don’t understand software or security; these are some of the brightest people I know. We’ve all got to design better software, or people will ditch traditional computers for good and stick with iPads and smartphones. At least the audio isn’t garbled, and most people know how to charge them.