Passphrases should be universal

One of the most annoying things about maintaining good password procedures is the fact that various places have different requirements. Some sites I use require one capital letter and one special character (100%Beef!), whereas others forbid special characters but require numbers. Many places have minimum password lengths, while a few especially annoying ones have relatively short maximum password lengths. Relatively few permit you to use a passphrase.

The best option would be to permit an unlimited string, including whatever punctuation and special characters are desired. A long string foils brute force attacks simply through the sheer number of combinations. A hardcore password like “Sz5XULBKwPtI” is probably no more secure (and certainly much less memorable) than a custom phrase like: “The thing I most enjoyed about Paris, France was having picnics in the evenings.” Even if you only permit letters and numbers, each additional character multiplies the size of a brute force search by 36, or by 62 if the passphrase is case sensitive.
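To make the arithmetic concrete, here is an added example (not part of the original post) that scores the two passwords quoted above. It computes the exhaustive search space from the character classes actually present, and also a more pessimistic bound for the passphrase in which the attacker guesses whole words from a vocabulary rather than individual characters. The vocabulary size of 20,000 words and the rate of ten billion guesses per second are assumptions chosen for illustration.

```python
import math
import string

# Character classes an attacker would enumerate. A policy-aware attacker only
# searches the classes a password actually uses, so the alphabet is the union
# of the classes present rather than 62 or 95 by default.
_CLASSES = [
    set(string.digits),
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.punctuation + " "),
]


def alphabet_size(secret: str) -> int:
    """Size of the smallest class-based alphabet covering every character."""
    present = set(secret)
    size = sum(len(cls) for cls in _CLASSES if present & cls)
    # Anything outside the four ASCII classes (accents, non-Latin script)
    # is counted as its own symbol.
    size += len(present - set().union(*_CLASSES))
    return size


def bruteforce_bits(secret: str) -> float:
    """log2 of the exhaustive search space: length * log2(alphabet).

    Each extra character multiplies the space by the alphabet size, which is
    the factor of 36 or 62 mentioned in the post for alphanumeric passwords.
    """
    return len(secret) * math.log2(alphabet_size(secret))


def dictionary_bits(phrase: str, vocabulary: int = 20_000) -> float:
    """Pessimistic bound for a natural-language passphrase.

    The attacker guesses whole words from a vocabulary of the given size, so
    the space is words * log2(vocabulary) instead of chars * log2(alphabet).
    The vocabulary size is an assumption chosen for illustration.
    """
    words = [w.strip(string.punctuation) for w in phrase.split()]
    return len([w for w in words if w]) * math.log2(vocabulary)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Wall-clock years to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    random_pw = "Sz5XULBKwPtI"
    phrase = ("The thing I most enjoyed about Paris, France was having "
              "picnics in the evenings.")
    for label, bits in [
        ("random, per char", bruteforce_bits(random_pw)),
        ("phrase, per char", bruteforce_bits(phrase)),
        ("phrase, per word", dictionary_bits(phrase)),
    ]:
        print(f"{label:18s} {bits:6.1f} bits  ~{years_to_exhaust(bits):.3g} years")
```

The twelve-character random password lands at roughly 71 bits. The passphrase scores far higher per character, and even under the word-guessing model it stays well above the random password, which is the point of the post: length buys more than obscurity does.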

Attacks not based on brute force (such as those where keystrokes are logged or passwords are otherwise intercepted) can naturally be carried out regardless of the strength of the password itself. What a passphrase system would allow is a high degree of security along with lessened requirements for obscure memorization. All it would take is a few minor code changes here and there, after all. (A short maximum length is usually a sign that the password is being stored in a fixed-width field, or worse, hashed in a form that silently truncates it, which is itself a reason to distrust the site.)

Improvement to GMail security


Much to my delight, GMail has added an ‘Activity on this account’ feature. It is located down at the bottom of the inbox page, where it lists the time of the last account activity. Clicking ‘Details’ leads to a pop-up showing the last five instances of account access, the form of access (browser, POP, IMAP, etc), and the IP address.

This is a big security advance. Previously, anyone who knew your GMail password could access your account at will, with no way for you to know. They could even be logged in at the same time as you, with no sign on your machine that this was happening. This is also addressed by the new feature, which includes an option to sign out all other sessions.

GMail users should definitely take a peek at this information from time to time, especially if they are in the habit of using their account from shared or public computers. Given (a) how much information the accounts store and (b) how easily searchable they are, any attack that gains access to your GMail account could have serious consequences.
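As an added example (my own, not something the feature itself provides), the following shows the two checks worth doing when you glance at that list: flag any access from a network you do not recognise, and flag two different IP addresses using the account within a short window of each other, which is what a simultaneous intruder session looks like. The access rows are constructed for illustration using documentation address ranges, and the trusted network is an assumption.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample rows in the spirit of the 'Details' pop-up:
# (time of access, access type, IP address). Addresses are documentation ranges.
SAMPLE_ACTIVITY = [
    ("2008-07-10 09:02", "Browser", "192.0.2.10"),
    ("2008-07-10 09:40", "POP3", "192.0.2.10"),
    ("2008-07-10 09:55", "Browser", "198.51.100.77"),
    ("2008-07-10 10:05", "Browser", "192.0.2.10"),
    ("2008-07-11 22:30", "IMAP", "203.0.113.5"),
]

# Networks you recognise as your own (home, office). An assumption for the sample.
TRUSTED_NETWORKS = ["192.0.2.0/24"]


def review_activity(activity, trusted_networks, window=timedelta(hours=1)):
    """Return findings for (a) accesses from outside the trusted networks and
    (b) two different IPs using the account within `window` of each other.

    Each finding is (kind, time, access type, detail).
    """
    nets = [ip_network(n) for n in trusted_networks]
    rows = sorted(
        (datetime.strptime(when, "%Y-%m-%d %H:%M"), kind, ip_address(ip))
        for when, kind, ip in activity
    )
    findings = []
    # (a) any access from an address you cannot account for
    for when, kind, ip in rows:
        if not any(ip in net for net in nets):
            findings.append(("untrusted_ip", when.isoformat(" "), kind, str(ip)))
    # (b) consecutive accesses from different addresses close together in time
    for (t1, _, ip1), (t2, kind2, ip2) in zip(rows, rows[1:]):
        if ip1 != ip2 and t2 - t1 < window:
            findings.append(("concurrent", t2.isoformat(" "), kind2,
                             f"{ip1} then {ip2}"))
    return findings


if __name__ == "__main__":
    for finding in review_activity(SAMPLE_ACTIVITY, TRUSTED_NETWORKS):
        print(*finding)
```

A single POP or IMAP fetch from an unfamiliar address is the more telling finding: an interactive intruder can simply sign out, but a mail client configured with your password will keep polling and keep appearing in the list until the password is changed.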

WiFi wars

The present situation in my flat is a classic failure of coordination. There are so many (encrypted) wireless networks operating that interference seems to have become a major issue. Internet access has become slow and unreliable. Of the eleven channels available for 802.11b/g in North America, only three (1, 6, and 11) are fully non-overlapping, because each channel is about 22 MHz wide while the channel centres are only 5 MHz apart. The individual wireless access points are all interfering with one another, as well as with everything else that operates in the same part of the radio spectrum: microwaves, 2.4 GHz cordless phones, security cameras, Bluetooth devices, baby monitors, wireless video game controllers, fluorescent lights, etc, etc. Indeed, a new phone somewhere in my vicinity may well have been the straw that broke the camel’s back, as far as the 2.401 GHz to 2.473 GHz range goes.
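The channel arithmetic behind the 1/6/11 rule is easy to check. The block below is an added example, not from the original post: it derives the non-overlapping set from the centre frequencies and channel width, and picks the least crowded of the three given a survey of how many neighbouring access points sit on each channel. The survey figures are made up for illustration.

```python
CHANNEL_WIDTH_MHZ = 22  # an 802.11b/g DSSS channel occupies roughly 22 MHz


def centre_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel: 5 MHz spacing starting at 2412."""
    if 1 <= channel <= 13:
        return 2412 + 5 * (channel - 1)
    if channel == 14:
        return 2484  # 802.11b only, Japan
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def band_mhz(channel: int) -> tuple:
    """(lower, upper) edge of the channel's occupied band in MHz."""
    c = centre_mhz(channel)
    return (c - CHANNEL_WIDTH_MHZ // 2, c + CHANNEL_WIDTH_MHZ // 2)


def overlaps(a: int, b: int) -> bool:
    """Two channels interfere when their centres are closer than one channel width."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_channels(channels=range(1, 12)) -> list:
    """Greedy walk upward, keeping a channel only if it clears every kept one."""
    chosen = []
    for ch in channels:
        if not any(overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def least_loaded_channel(survey: dict, candidates=(1, 6, 11)) -> int:
    """survey maps channel -> number of neighbouring APs seen on it.

    Returns the candidate whose band is overlapped by the fewest neighbours,
    counting APs on adjacent channels, not just the same one. Ties go to the
    lowest channel number.
    """
    def load(ch):
        return sum(n for other, n in survey.items() if overlaps(ch, other))
    return min(candidates, key=lambda ch: (load(ch), ch))


if __name__ == "__main__":
    print("non-overlapping:", non_overlapping_channels())
    print("channel 1 spans", band_mhz(1), "channel 11 spans", band_mhz(11))
    # Constructed survey: three APs on 1, one on 3, two on 6, none on 11.
    print("least loaded:", least_loaded_channel({1: 3, 3: 1, 6: 2, 11: 0}))
```

Note that a neighbour on channel 3 counts against both 1 and 6, which is why people who pick "an empty channel in the middle" make things worse for everyone, themselves included.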

Everyone would have faster and more reliable internet access if we could shut down all but a couple of the access points. Unfortunately, there is no way to coordinate such an action. Furthermore, anyone who actually ran one of the reduced number of access points, if such an agreement could be reached, would be faced with the same kind of illicit usage that forced me to shut down my open network.

One option is to seek a technological fix, in the form of 802.11a or 5 GHz 802.11n equipment that operates outside the crowded 2.4 GHz band and is therefore less likely to be interfered with by existing devices. Of course, given enough time, those devices are likely to face similar hurdles.

Re-encrypting WiFi

Unfortunately, I had to shut down my open wireless network experiment. That is because I found three people within the span of two days who were both (a) criminal and (b) very stupid.

One thing to remember: if you are going to use open wireless networks to download illegal things, make sure you aren’t sharing your entire hard drive in read/write mode. Not only will the person running the network get wise to you without even needing to sniff packets, they will be able to remotely eliminate your ill-gotten files before banning you from the network. If they were so inclined, they could do much worse things to you.

I suppose I could set up a captive portal system using something like ZoneCD – thus providing scope for well behaved neighbours and passers by to use the network. That would, however, require acquiring and setting up a computer between my DSL modem and WAP. Since the two are presently integrated, the expense and bother would be even greater.

As is so often the case, a few bad apples have made it necessary to discontinue a good thing.

Who are you really talking to?

Bruce Schneier has an interesting post about man-in-the-middle attacks. These are situations in which party A and party B are trying to exchange sensitive information privately (for instance, credit card numbers or orders for moving hostages) without realizing that party E is in between them, pretending to be party A to party B, and vice versa.

The attack model has been mentioned here before in the context of cellular phones. It is rather more interesting in the context of the Betancourt rescue from the FARC.

Getting VOIP phone numbers


Voice over internet protocol (VOIP) is a way of sending and receiving telephone calls over your internet connection. At its best, it means not having to deal with local fixed-line telephone providers at all. It is also cheaper and more versatile than a conventional phone and offers possibilities not normally available, such as having local numbers all over the world that you can access from any internet connection, as well as things like having your voicemail messages emailed to you.

Those waiting for SkypeIn to be available in Canada do have at least one option of comparable price:

  1. Get a router with SIP based VOIP functionality. (For example, the Thomson ST780 sold by Teksavvy.)
  2. Get Canadian Direct Inward Dialing (DID) numbers from someone like Voip.ms. These cost $2 per month each, and are available for a great many different areas. You can also get numbers in the US, UK, or elsewhere. Many numbers can be used seamlessly with the same phone and voicemail system.
  3. Get a free account with MySIPswitch.com.
  4. Have that free service configured by someone who actually understands how it works (not me).
  5. Configure the DIDs to point to MySIPswitch.
  6. Configure your router.
  7. Plug a phone into your router. It will now receive calls from any of your DID numbers, and can also place calls anywhere in the world at low rates.

Sure, a pre-packaged system of the Skype or Vonage variety would require less tinkering. That said, the approach above works right now, and costs very little to boot.

Improv everywhere

The internet creates the possibility of organizing amusing mass pranks. Improv everywhere (who have done some funny things in the past) came up with a clever idea employing twins and subway cars.

Both of my brothers did improv of the more conventional on-the-stage variety. These sorts of surreal social experiments don’t require creative skill on the part of the performers, though they do produce entertaining bafflement among passers-by.

Stupid comment forms

The following is a short rant intended for all those who design comment forms on websites:

When you have a box that says ‘homepage’ or ‘website’ it is absurd to make people type http://www.mysite.com. The HTTP means Hypertext Transfer Protocol. Every website in the universe uses this transfer protocol (or its encrypted cousin, HTTPS, which the form can work out for itself), so making someone type it is always redundant.

The same goes for ‘www.’ Homepages and websites are on the world wide web. They aren’t mail servers or any other sort of networked beast.

In conclusion, I should be able to type sindark.com and your comment form should understand it.

P.S. Even more unforgivable than sites that produce errors when ‘http’ and ‘www’ are lacking are the small minority that produce absurd URLs when you enter a site name in X.com format. I have seen sites where putting that yields a link to: “http://www.siteIamcommentingon.com/X.com.” That happens because the form echoes the value back verbatim as a link, and a browser treats a string with no scheme as a path relative to the current page. Nightmare!

P.P.S. See ‘www is deprecated’ for the argument that having to say ‘www’ is unnecessary in all circumstances, not just when filling out comment forms.
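For anyone actually writing one of these forms, here is an added example (mine, not from the original post) of doing it properly: accept a bare host name, add the scheme the visitor did not type, and refuse anything that is not an http(s) URL, so that a ‘website’ field cannot be turned into a javascript: or data: link. It also shows, using the standard library's own relative-URL resolution, exactly how the “/X.com” nightmare from the P.S. comes about. The sample inputs are constructed.

```python
import re
from typing import Optional
from urllib.parse import urljoin, urlsplit, urlunsplit

ALLOWED_SCHEMES = {"http", "https"}
# A host is dot-separated labels of letters, digits and hyphens, optionally
# followed by a port. Anything else (credentials, parentheses, spaces) is
# refused rather than guessed at.
_HOST_RE = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+(?::\d{1,5})?$")


def browser_resolution(page_url: str, href: str) -> str:
    """What a browser does with a link the form echoed back verbatim.

    A value with no scheme is a relative path, so 'X.com' on a page at
    http://www.siteIamcommentingon.com/ becomes .../X.com: the bug in the post.
    """
    return urljoin(page_url, href)


def normalise_homepage(raw: str) -> Optional[str]:
    """Turn whatever was typed into the 'website' box into an absolute
    http(s) URL, or None if it cannot be one.

    'sindark.com'          -> 'http://sindark.com'
    'www.example.org/x'    -> 'http://www.example.org/x'
    'https://a.b/c?d=1'    -> unchanged
    'javascript:alert(1)'  -> None
    """
    value = raw.strip()
    if not value:
        return None
    # No scheme typed: assume plain http. Doing this before urlsplit matters,
    # because urlsplit('sindark.com') puts the host in .path, not .netloc.
    if "://" not in value:
        value = "http://" + value
    parts = urlsplit(value)
    scheme = parts.scheme.lower()
    host = parts.netloc.lower()
    if scheme not in ALLOWED_SCHEMES or not _HOST_RE.match(host):
        return None
    return urlunsplit((scheme, host, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    page = "http://www.siteIamcommentingon.com/post/123"
    for typed in ["sindark.com", "http://www.mysite.com", "javascript:alert(1)", ""]:
        print(f"{typed!r:26} echoed: {browser_resolution(page, typed)!r:50} "
              f"normalised: {normalise_homepage(typed)!r}")
```

Internationalised host names are refused by the regular expression above; a production form would IDNA-encode them first. The important property is that the function either returns a URL beginning with http:// or https:// or returns nothing at all, never a relative path and never a foreign scheme.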

iTunes movie rentals


Last night, Emily and I tried renting a film through iTunes. I think it’s fair to say that this is another media technology that Apple got right. There are endless problems with systems that promise to let you buy films in the form of downloads. There are limitations on usage, and no guarantees that you can use them on future devices. Renting is quite different. Apple offers a service akin to that of a video store for a comparable price and without the bother of picking up and returning discs. With a bit of equally convenient competition, costs may even fall further.

Indeed, it seems pretty fair to predict that video shops have no future among those customers with computers and broadband access. Eventually, web based services will offer far more films at similar quality and far greater convenience.

Personally, I am rather looking forward to the day when it will be possible to spend $4-5 for two days worth of access to most any film ever made.