Your passwords sux!

I have facebooked that LastPass is the tool everyone needs to be using.  I am not always clear as to why I select the tools that deserve your attention.  Every week I get some news and security tidbits from the podcasts below.  What I love about this particular source of information is that Steve Gibson provides ALL the details, dives deep and leaves no stone unturned.  I know this is the second post in a row about Steve’s stuff – but I really did get a Facebook message from a cousin today asking why he should trust LastPass with his passwords.

The short answer is that LastPass does not get your passwords (not exactly).  All that is sent to them is your encrypted stuff.

Most if not all of the password decryption runs in your browser – but it may look like it is on their site.  I am no longer 100% clear on this, so I will have to re-listen to the first podcast below myself.
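What “all that is sent to them is your encrypted stuff” looks like in code, as an added example that is not LastPass’s code and not its actual scheme: the master password never leaves the client, a key is stretched from it locally, and the only thing the “server” ever receives is the encrypted blob. The primitives are stand-ins picked because they are in the Python standard library: PBKDF2-HMAC-SHA256 for key stretching, and HMAC-SHA256 used as a counter-mode keystream plus an encrypt-then-MAC tag in place of a real block cipher such as AES. The vault contents and the passphrase are constructed sample values.

```python
"""Client-side vault encryption: the server stores ciphertext only.

Added illustration, not LastPass's code. Cipher and KDF are standard-library
stand-ins (see module comments); a real client would use AES or similar.
"""
import hashlib
import hmac
import secrets

# Constructed sample vault; in a real client this is the user's password list.
VAULT = b'{"example.com": {"user": "alice", "pw": "correct horse battery staple"}}'


def derive_key(master_password, salt, iterations=100_000):
    """Stretch the master password into 32 key bytes (happens on the client)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, a stand-in for a block-cipher keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_vault(master_password, plaintext):
    """Run on the client. The returned dict is everything the server gets."""
    salt = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    key = derive_key(master_password, salt)
    enc_key, mac_key = key[:16], key[16:]
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "body": body, "tag": tag}


def decrypt_vault(master_password, blob):
    """Run on the client after fetching the blob. None means wrong password or tampering."""
    key = derive_key(master_password, blob["salt"])
    enc_key, mac_key = key[:16], key[16:]
    expected = hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    stream = _keystream(enc_key, blob["nonce"], len(blob["body"]))
    return bytes(c ^ k for c, k in zip(blob["body"], stream))


def demo():
    """Round trip, wrong password, tampering, and what the server can see."""
    blob = encrypt_vault("my master passphrase", VAULT)          # this is what gets uploaded
    roundtrip_ok = decrypt_vault("my master passphrase", blob) == VAULT
    wrong_pw_rejected = decrypt_vault("not my passphrase", blob) is None
    # A server (or anyone who stole the blob) that flips a byte gets caught by the tag.
    tampered = dict(blob, body=bytes([blob["body"][0] ^ 1]) + blob["body"][1:])
    tamper_rejected = decrypt_vault("my master passphrase", tampered) is None
    server_sees_plaintext = blob["body"] == VAULT
    return roundtrip_ok, wrong_pw_rejected, tamper_rejected, server_sees_plaintext


if __name__ == "__main__":
    print(demo())
```

The point of the split into `encrypt_vault` and `decrypt_vault` is where each runs: both on the client, never on the server, which only ever holds the salt, nonce, ciphertext and tag. Losing the master password therefore means losing the vault, which is why the recovery options mentioned below exist and why the paranoid may want to turn them off.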

LastPass and why you can trust it:
Text http://www.grc.com/sn/sn-256.htm Audio http://media.grc.com/sn/SN-256.mp3

LastPass and why you should use it:
Text http://www.grc.com/sn/sn-366.htm Audio http://media.grc.com/sn/SN-366.mp3

There are some password recovery items the paranoid should look into and disable (but think, know, trust, what you are doing when you do so).

Always Swim Up

Knowledge is the reset button

This post is about how knowledge and research can change your life.  A while back I made a simple internal pact with myself.  If I hit 200 LB I’ll just stop eating.  Funny thing is, that worked for three or more years.  I should mention there was a prior limit set at 195 LB.  Before that, I was not really watching.  Weight gain was depressing and all, but not getting in the way as far as I could tell (my doctor had been saying otherwise, but it fell on deaf ears).  When I started to mull over setting the limit to 205 LB I had to put my mental foot down and say no.  At that point, it came down to starving a few extra hours a week to force the 200 LB limit into remaining valid.  That was probably going to be the rest of my days – fighting the 200 LB limit.  In fact, I had already resigned myself to it.

Diets for me are transient.  I’ll start on one once in a while.  Never with true intent.  Never with passion.  Never with any success.  Sure, a few pounds at the start – yippie!

The 200 LB limit sat at the back of my brain taking up undeserved space while injecting the fear of it getting set higher and higher over time.  I did not want another diet, I did not want to exercise a ton; I wanted to make sustainable healthy changes that put my weight on a downward slope, however slight – just point it down.

Then I learned something.  In one hour.  I was led down the simple path of well-presented information to the knowledge that reset the way I look at everything.  I’ve recently “let my weight drop” and put it on that downward slope.  What a crazy sentence.  It seems to imply I have control over the angle of the slope.  I do.  Today, for instance, I woke up to a 175 LB me.  Nice!

What worked for me was simply adding quality knowledge about the human body to my brain.  What is a protein, a fat, a carb, a sugar, a ketone?  Which of these do I eat or process?  Knowing more about these, what simple changes can I make to effect the changes I have long desired?

It is difficult to find something that’s posted in/on the Internet without agenda.  I’ll try not to lie.  I want you to go out and learn how to learn.  How to filter the noise.  How to know when you don’t know.  I am not teaching these things, they are milestones on your way to finding the reset buttons in your life.

All I can share is what got me excited about learning to learn and to carve through the noise to find the pure notes of relevant research.

I listen to a security-related podcast every week.  By Steve Gibson.  Called “Security Now”.  If you are in IT or a geek like me you’ll find it wonderful.  Regardless, what happened out of the blue one day was this: Steve did a health-related podcast about vitamin D.  Why?  I didn’t care; I got to listen to a very capable explainer explain all about vitamin D.  He consistently applies significant time and energy to each topic he presents on the podcast, and this health episode was no different.  He even presented data he had collected from his own blood tests and experiments in sunbathing to collect vitamin D.

Fast forward a bit in time and there was another unexpected health-related podcast – this time Steve had been experimenting on himself as it pertained to diet.  As with any security-related podcast, he taught you the basics and built upon them (over two podcasts this time).  By the end, I knew I had started my next chapter in life.  I have since played the podcasts a few more times, bought and read two of the books Steve recommended, initiated simple changes in my daily food types, and lost 25 LB since May this year (4 months).  I have also since learned (as yet another chapter of life unfolds) that without quality data and research you are courting a mundane and manipulated life.

Question everything.  Question this blog post.  Research and return.  Question more.

New proposed TLD .pinkbunny

A new top-level domain (TLD) is being proposed to B(ecause) I CAN as a safe alternative to the existing domain namespace.  The “.pinkbunny” domain will be aimed at those organizations requiring a high level of trust and security of their websites, such as kids with pink bunnies, those who may have lost a pink bunny and other critical infrastructure sites that deal with pink bunnies.
The proposal is that organizations successfully registering a site within the “.pinkbunny” domain space would need to undergo a thorough background check and also adhere to a number of strict security requirements such as photographic proof of said pink bunny and regular visits to the vet for checkups to ensure no virus infections.  Any sites not adhering to the security policies would be disconnected.  B(ecause) I CAN is currently reviewing submissions for new TLDs and is expected to publish its results over the coming weeks.

Lots of LEDS – now I get it!

This is the page that allowed me my “Eureka” moment on how to drive a large number of outputs from a very small number of pins.  If you ever wished you could have 10 or 100 more output pins, shift register chips are the ones to consider.  I won’t blabber on; just follow the link, watch the video, and you’ll know where to start if it can be applied to your own effort.

http://bildr.org/2011/02/74hc595/ 

Enjoy

Stock Bot – about the 4511 BCD to 7-segment decoder

Not to be trite, but you may learn more at wikipedia.org than here.  This post is intended to fill in some of the background on how the 4511 chip was used in the Stock Bot project.  Let’s dive in and see if it remains coherent.  The chip is designed (I presume) to let you use fewer data lines to drive a 7-segment display.  LED displays are common, while the one in Stock Bot is a little less so.  A seven-segment display has 7 inputs, one for each light element.  You would need 7 data lines to drive a single digit and many more to drive additional digits.

This project does not use the data latching feature that lets several 4511 chips drive several digits while keeping the data line count to a minimum.  When you scale the number of digits you really save on data lines, and the value of the chip becomes evident quickly.  To be brief, several digits can be managed (like a clock) by locking the currently displayed value into each chip and then unlocking only one digit at a time to change that digit: quickly lock it and move on, unlock, change, lock, continue.  If that made any sense you got the idea.  Do this fast enough and large multi-digit displays can be managed – again with 4 data lines plus the latch control logic.

Driving the single chip was a fun code experiment.  So let’s look at that.  Like I said on the Stock Bot page, I had to learn (re-learn/hack in) C# for this.  When you drive the chip you are essentially sending it a binary code along 4 digital lines.  A 4-line data bus, I guess.  Given an integer from 0 to 9, convert that to binary or otherwise figure out how to set your 4 data pins correctly.

A set of if statements would do that.  A switch statement would do that.  I tried both, as I had to get something started.  Neither felt clean enough to me (don’t get me wrong, some of the code is still too ugly to even tell you about yet/ever).  So I worked out what I have below because I knew in my mind something cleaner should exist.  Your improvements are welcome as comments.

    using Microsoft.SPOT.Hardware;                // OutputPort
    using SecretLabs.NETMF.Hardware.Netduino;     // Pins.GPIO_PIN_*

    // helper class: drives the four BCD data lines (A-D) of the 4511,
    // plus the decimal point, from Netduino digital pins
    class BCDOutputClass
    {
        // one mask per BCD bit, lowest order first
        byte mask1 = 1;   // A (ones)
        byte mask2 = 2;   // B (twos)
        byte mask3 = 4;   // C (fours)
        byte mask4 = 8;   // D (eights)

        // initial state true on all four lines is 1111, an invalid
        // BCD code, so the display starts out blank
        OutputPort Bin1 = new OutputPort(Pins.GPIO_PIN_D9, true);   // A
        OutputPort Bin2 = new OutputPort(Pins.GPIO_PIN_D12, true);  // B
        OutputPort Bin3 = new OutputPort(Pins.GPIO_PIN_D11, true);  // C
        OutputPort Bin4 = new OutputPort(Pins.GPIO_PIN_D10, true);  // D
        OutputPort CommaPin = new OutputPort(Pins.GPIO_PIN_D13, false);  // decimal point, off

        // Constructor
        public BCDOutputClass()
        {
            //
        }

        // Instance Method: put digit a (0-9) on the 4-line bus.
        // Anything above 9 is clamped to 10 (binary 1010), an invalid
        // BCD code that the 4511 shows as a blank digit.
        public void Display(byte a)
        {
            a = (a < 10)? a : (byte) 10;
            Bin1.Write((a & mask1) > 0);   // bit 0 -> A
            Bin2.Write((a & mask2) > 0);   // bit 1 -> B
            Bin3.Write((a & mask3) > 0);   // bit 2 -> C
            Bin4.Write((a & mask4) > 0);   // bit 3 -> D
        }

        // blank the digit and drop the decimal point
        public void Clear()
        {
            Display(10);
            Comma(false);
        }

        // turn the decimal point on or off
        public void Comma(bool a)
        {
            CommaPin.Write(a);
        }

        // Destructor
        ~BCDOutputClass()
        {
            // Some resource cleanup routines
        }
    }

Most of this becomes clear if I just talk about the meat of the code in public void Display(byte a).  Maybe not, but let’s start there as it is the crux of what makes this (IMHO) better than an if or switch statement.  I have, of course, not tried to figure out whether this compiles to smaller code or not – that’s not a concern I have any interest in yet.

The function takes in a byte – when running, the code sends in the values zero to 10 when all is normal.  10 is an exception and I should explain that first, as the first line executed is a test for values above 9, and if above we revert a to 10.  10 in binary is 1 0 1 0, which sets the 4-pin data bus to an invalid value.  1 0 1 x (where x means it’s not important) happens to BLANK the display.  This makes it fairly obvious why the code in public void Clear() sends a 10 to Display().

How do the 4 pins get set?  OK, let us use the digit 9 and step through the rest of the function.  Pin 9 on the Netduino is connected to A (D0) on the 4511, the lowest order bit (ones).  Pin 12 goes to B, the twos; 11 to C, the fours; and pin 10 to D, the highest order bit, the eights.  You can look at the mask declarations to get a feel for the positions too.

9 is binary 1 0 0 1

We need to set line A to true, line B to false, line C to false and line D to true.

(a & mask) – what does that do?  “a” is of type byte and mask1 is of type byte.  The & says do a bitwise AND of the two values.  What’s a bitwise AND?  (For now – Google it.)  But I’ll do the math here and might get it across.

1 0 0 1  (9)
0 0 0 1  (mask1)
-------  bitwise and says 1 only when all are one
0 0 0 1 (1)
Result = 1

1 0 0 1  (9)
0 0 1 0  (mask2)
-------  bitwise and says 1 only when all are one
0 0 0 0 (0)
Result = 0

1 0 0 1  (9)
0 1 0 0  (mask3)
-------  bitwise and says 1 only when all are one
0 0 0 0 (0)
Result = 0

1 0 0 1  (9)
1 0 0 0  (mask4)
-------  bitwise and says 1 only when all are one
1 0 0 0 (8)
Result = 8

Let’s take the results of the first operation.  We got a 1.  There’s more in that line of code (a & mask1) > 0

Greater than zero completes a comparison.  It results in a boolean, True or False.  The first part results in a zero when we need a false result and a non-zero value, 1 or above, when we need true.  In the case we just ran through, we had a 1 and an 8, both greater than zero, and so two lines (the first and last) were set to true.
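The same mask trick, and the latching idea from the start of this post, worked through in Python as an added example (this is not the Stock Bot code; the Netduino version is the C# class above). No wiring is modelled, only the state of the four lines; the latch behaviour (data passes while LE is low and is held while LE is high) is what the 4511 datasheet describes and is taken here as an assumption. It also runs the bitwise AND table for any digit and mask, not just 9.

```python
"""Model of the four BCD data lines into a 4511, plus latched multi-digit use.

Added example, not the Stock Bot project's code. Pin names are omitted; the
functions return line states so they can be checked without hardware.
"""

# One mask per BCD bit, lowest order first, as in the C# class.
MASKS = {"A": 1, "B": 2, "C": 4, "D": 8}

# Codes 10-15 are not digits; the 4511 blanks the display for them.
BLANK_CODE = 10


def bcd_lines(value):
    """Return {line: bool} for the 4511's A-D inputs, clamping >9 to the blank code."""
    code = value if value < 10 else BLANK_CODE
    return {line: (code & mask) > 0 for line, mask in MASKS.items()}


def to_bits(n):
    """Four columns D C B A, high bit first, like the tables in the post."""
    return [(n >> i) & 1 for i in (3, 2, 1, 0)]


def and_trace(value, mask):
    """Bitwise AND worked out column by column.

    Returns (bits of value, bits of mask, bits of result, numeric result).
    A 1 appears in the result only where both inputs have a 1.
    """
    value &= 0xF
    result = value & mask
    return to_bits(value), to_bits(mask), to_bits(result), result


class Latched4511:
    """One chip with its latch-enable (LE) input modelled.

    Assumption from the datasheet: LE low lets the bus through, LE high
    holds whatever was last seen.
    """

    def __init__(self):
        self.held = 15          # 1111 is invalid BCD, so the digit starts blank
        self.le_high = True

    def present(self, code, le_high):
        if not le_high:
            self.held = code    # transparent: follow the shared bus
        self.le_high = le_high  # high again: keep it, ignore later bus changes

    def shown(self):
        return None if self.held > 9 else self.held


def drive_digits(digits):
    """Put several digits on several chips over ONE shared 4-line bus.

    For each chip: put its value on the bus, unlock only that chip, lock it
    again, move on. Returns what each digit displays (None means blank).
    """
    chips = [Latched4511() for _ in digits]
    for chip, d in zip(chips, digits):
        bus = d if d < 10 else BLANK_CODE
        chip.present(bus, le_high=False)   # unlock this digit only
        chip.present(bus, le_high=True)    # lock it, bus is free for the next one
    return [chip.shown() for chip in chips]


if __name__ == "__main__":
    print(bcd_lines(9))
    for name, mask in MASKS.items():
        print(name, and_trace(9, mask))
    print(drive_digits([1, 2, 10, 5]))
```

Running it prints the A/B/C/D states for 9 (A and D true), the four AND tables from the post, and a four-digit display reading 1 2 blank 5 even though every chip shared the same four bus lines.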

By now you’ve either gone Aha! or Duh or are scratching your head.  Either way I am done for now 🙂 enjoy.

Now learn that fun math

Not much to say here.  Just DO IT! http://www.khanacademy.org/ is a wonderful site. If you have a passion for learning or re-learning you will want to bookmark the site. I reconfirmed my ability to add and subtract 🙂 I am going to do every math lesson until I top out (maybe at division).

Free learning – if you have kids – create accounts now. This will help every kid and you’ll be sorry if you don’t also sign up like I have and sharpen your skills.

http://www.khanacademy.org/

Math is fun, yes indeed.

I love to listen to these guys chat, Leo and Steve.  Recently I needed to get a friend up to speed on secure key exchange.  Not the simplest topic on the roster.  Just how do we share a secret over the Internet while we know others are watching and intercepting our communications?  We do it with math.  Math, when used like this, forces you to want to learn even more math.  Really, math is fun and you will be smart if you learn math.

The first 15 minutes of this podcast prove to me that the more math you can take in the better off you will be in life.

http://media.grc.com/sn/SN-034.mp3 100% relevant regardless of when it was recorded.

Who did not see this one coming? Verified by…

Visa and others.  The first time the page came up “Verified by Visa” you said “cool, this is a very good thing, Visa is making the web safer”.  If you thought that, you can now go to the back of the class.  You should have been thinking: what sort of phishing scam is this?  Where is the URL bar for this popup, and why would I sign up for this service from this little dialog on some site?  Does Visa even have a website?  Does my bank know about this?

Now for those of you at the back of the class, the zbot botnet has been augmented to shoot phish in a barrel.  You are the phish, unfortunately.  Thank you, Visa for the swimming lessons (NOT).

Click to read more news on the zbot botnet and how it is mimicking the Verified by screens.

http://www.sans.org/newsletters/newsbites/newsbites.php?vol=12&issue=56#sID301

iPad now in my hands – loving it so far.

Working from the iPad today. Not bad. I can find a way to hold it that works well in most positions. Far better than a laptop in every couch position. For the types of tasks I imagine the iPad to do well with – it is great at home so far. Email and web – and the all important links in email to web – these tasks are very easy to manage on the iPad. Nice big screen the screen rotation lock is a great addition. Watching the last 12 hours of an eBay auction also easy to do. Migrating from an iPhone to this iPad is not going to be difficult.

Apple may have in fact sold a competing product to the iPhone. For those of us that find the size OK to have with us all the time, why would an iPhone be required? A simple voice-only phone will now probably suffice. I guess it all comes down to how you want to balance your freedom. By freedom I mean, which piper will you pay for voice and data plans. iPad is another choice. Its 3G appears not to be locked to a provider, offering even more choice. In fact, it fosters actual competition once the different vendors see the need to acquire these new customers with unlocked devices. Not free, but a new unlocked freedom may bring a breath of fresh air to the Canadian wireless market if nothing else.

I’ll be looking for a pay-as-you-go SIM on a USA plan when I next visit the states. To prove this device is 1) not locked and 2) that I do indeed have this new freedom. In fact, over the next few months I’ll try to have a month-to-month plan with Rogers, Telus and Bell and thus exercise my new freedom. At the very least I plan to watch how the plans settle in. Once they all become contracts for longer periods and start to look like current cell contracts, then I’ll give up my hope for freedom. Here’s to that never happening and a real competitive landscape forming instead.

I do like the iPad 3G in Canada. I have high hopes for it to make a difference in how people work and play. It will make a difference in mine, the month to month data plan already has.