Archive for November, 2008

Efficient Microwave Usage

Saturday, November 29th, 2008

I like hot tea, and when I’m not at work I need to use a microwave to heat the water. This involves setting the timer to 2:20. It’s kind of an arbitrary time that I’ve chosen, because I put the tea bag in the cup beforehand and then let it steep for up to a half hour afterwards (I frequently forget about it).

Enough background. What frustrates me each time I do this is that I always go through the effort of punching in 2-2-0 on the keypad, even though this number doesn’t need to be at all precise. After I’m done entering the number, I always think to myself “Why didn’t you just do 2:22? It would be more efficient from an effort perspective.” I always intend to do that next time, but usually forget.

So I’m now working on optimizing the times that I enter on the microwave to minimize button pushes. Kind of lame, I know, but it’s a little game to play.

UIUC was Awesome

Wednesday, November 19th, 2008

This is an example of why. Not the blackboard system. Just the question. See previous rants.

Passwords in the Clear

Wednesday, November 19th, 2008

I recently made a purchase on MacUpdate and as part of the purchase I was required to set up an account with them (username, password, etc.). Annoying, but all well and good until I received both my username AND PASSWORD in the clear from them in the same confirmation email.

For most people, the reasons that this is very bad should be obvious, but for those for whom it’s not, here are a couple reasons why this is not good.

First, both my username and password were sent unencrypted across unsecured mail relays. At the very least, they should never be included in the same email; sending them separately would require a potential attacker to put together several pieces of communication to get all the information needed. Regardless, user-created passwords should NEVER be sent to a user, as they very well could be used for other things. If you must send the user a password, it should only be a randomly generated password to which the account has been reset. It would be best if this randomly generated password expired automatically if the user did not go in and change it to something personal on the site.

The second, and perhaps less obvious, implication is that the fact that you can send me my own password tells me that you are storing my password in your database either unencrypted or with reversible encryption. Again, this is a bad idea. (I confirmed that they didn’t just send the password from the initial form by requesting my password be sent to me after the initial registration.) You should always store a password using one-way encryption (a hash) and then validate login attempts by taking the supplied password, applying the same hash to it, and comparing the result to the stored hash. This has the benefit of preventing an attacker from obtaining the actual passwords from your system in the event that you are compromised.
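The two practices described above (hash-only storage with verification by re-hashing, and reset to a random password that expires) are sketched below as an added example, not code from MacUpdate or from the original post. It goes slightly beyond the bare hash the post mentions by using a per-user salt and PBKDF2; the function names, the `account` dict layout, the iteration count and the 15-minute lifetime are all assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
import time

# Assumed parameters for this sketch (not from the original post).
PBKDF2_ITERATIONS = 600_000
TEMP_PASSWORD_TTL = 15 * 60  # seconds a reset password stays valid


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). Only these are stored, never the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-apply the same one-way function and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def change_password(account: dict, new_password: str) -> None:
    """User picks a personal password; any pending expiry is cleared."""
    account["salt"], account["digest"] = hash_password(new_password)
    account["expires_at"] = None


def issue_temporary_password(account: dict, now: float | None = None) -> str:
    """Reset the account to a random password that expires if never changed."""
    now = time.time() if now is None else now
    temp = secrets.token_urlsafe(12)
    account["salt"], account["digest"] = hash_password(temp)
    account["expires_at"] = now + TEMP_PASSWORD_TTL
    return temp  # the only password value that is ever mailed out


def login(account: dict, password: str, now: float | None = None) -> bool:
    now = time.time() if now is None else now
    expires = account.get("expires_at")
    if expires is not None and now > expires:
        return False  # temporary password was never replaced; require a new reset
    return verify_password(password, account["salt"], account["digest"])
```

Because the stored record holds only the salt and digest, a "send me my password" feature cannot be built on top of it; the only recovery path is `issue_temporary_password`.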

This isn’t even getting into more advanced ideas for securing pages (not having the username/password fields on the same page for example), but rather just the very basics of not throwing sensitive information out into the network.

Anyway, needless to say, I was very annoyed at all this and sent them an email criticizing their security practices. I also asked them to remove my information from their systems as this is likely an indication of their security practices in general. Anyone who has done business with them in the past may wish to consider doing the same thing.

Lightsabers: The Duct Tape-Tool of the Galaxy

Monday, November 17th, 2008

This How Stuff Works article is making its way around the internet again, this time via Slashdot. Still, every time I see it I laugh, so I thought I’d post it.

Matrix + Windows = Awesome

Monday, November 10th, 2008

Another great College Humor original video.

First Snow 2008

Friday, November 7th, 2008

Woke up this morning to the first snow accumulation of the year.

Our deck after the first snow accumulation on November 7, 2008.

It went from 70 degrees on Monday to this today. Also kind of windy (as you can see by the lawn furniture tossed around on the deck).

Determining which Process is Locking a File

Monday, November 3rd, 2008

If you’re like me, every so often when working on Windows you get a message similar to the following:

(So the google can index this: “Cannot delete X: It is being used by another person or program. Close any programs that might be using the file and try again”)

You are trying to move or delete a file and some other program has it locked. Of course, Windows isn’t nice enough to tell you which program has it locked, so the process becomes one of experimental elimination. Try closing program after program until the file frees up, or if that doesn’t work, reboot the system and try again before starting any programs.

After this had happened to me several times in the same day, I got fed up and finally did a little research about tools that can give you some more useful information when this happens. This Google Groups discussion gave some good resources that can be used to help out. The first option is one of the Sysinternals tools that was acquired by Microsoft. That tool chain can give you all sorts of great information, including which processes are holding which files.

The downside of Sysinternals is it’s a bit like killing a fly with a sledge hammer. Another alternative is the simple and elegant (yet slightly ghetto-sounding moniker) Who Lock Me. This tool adds an entry to the context menu in Windows Explorer that quite literally says “Who Lock Me”, and by clicking this entry it will list program(s) that are locking the file. I can’t vouch for the legitimacy of the tool. The website looks a little sketchy, but I have installed it on one virtual machine with no perceived ill-effects, and it did do what it advertised, so it seems to work. At least it tells you what Windows refuses to.

UPDATE:
I came across a site for an alternative to WhoLockMe, UnLocker, that also listed alternatives of similar tools. Below is a list of the tools linked from the aforementioned page.