Monday, September 24, 2007

Do not write down your passwords...

"Don't write down your passwords" is a common mantra of computer administrators and security-aware users. (Actually, "don't write down your passwords in cleartext" is the true recommendation.) However, many users ignore this. This weekend someone showed me this: organizer. From their website:
Trying to remember your ID and password for all the various websites you frequently visit, such as online banking, travel reservations, shopping sites and many, many others can be a daunting task. This handy booklet is the answer to your worries.
....

Includes room for recording:
# The date an account was opened
# The company name and URL
# Your user name and password
# Your upcoming renewal date
# Online bank and other account numbers


Now a thief can have access to all your identification tokens in one shot. This would be gold for 'financial impersonators' ("Identity Thieves" IMHO is a very incorrect description of the crime). Please do not recommend this product to others.

Tuesday, September 18, 2007

Total geekery at the ANML, Redux

As a follow-up to the earlier entry about the old TRS-80 Color Computer: the distinguishing feature of the system in that picture is that it's got a silver case, indicating that it's definitely a Color Computer I (released circa 1979). The keyboard, however, has two extra keys in the lower right corner -- which are "F1" and "F2" keys that didn't appear on preinstalled Color Computer keyboards until the introduction of the Color Computer III in 1986.

Those blurry little keys served as evidence that this wasn't a CoCo that somebody had bought and then chucked in the closet without using, since the keyboard upgrade couldn't have been done at the factory. That meant that maybe this wasn't just another old CoCo with the standard 4KB of RAM and Color BASIC ROM...

And that's exactly how it turned out: once the system arrived, a quick popping-open of the case revealed that besides the new keyboard, it had been expanded to the full 64KB and had the Extended BASIC ROMs installed, increasing its value by at least a factor of four over the purchase price.

Of course, half the keys on the keyboard were stuck up or down because of poor storage conditions, but because this is a product from the days of real keyboards, that's nothing some careful disassembly and a kitchen sink full of warm, soapy water can't solve.

Bootstrapping trust

Who do you trust and for what realms?
This is one of the key issues of security... Do you trust every root certificate for your browser? (There are ~43 built-in root certificates in Firefox.)
How can you trust the first ssh connection to a new host?
And what about context? Some of the people you know can give very good recommendations, but only in some contexts. At the ANML we are helping develop a tool, Nettrust, to help users make some decisions while browsing the web. An alpha release of this tool is available here.

Monday, September 17, 2007

Good passwords

How to pick a good password? There's all kinds of advice out there on this topic. But if you want the right advice, you need only ask the ANML. We're never wrong. What never? Well, hardly ever, as they say.

Sometimes it's obvious


Computer and networking hardware can go bad in all kinds of ways. Sometimes it's obvious what the problem is, and sometimes it isn't. We recently had one of our machines lock up, apparently due to an issue with the storage subsystem. FWIW, the machine in question uses a 3ware IDE RAID controller with half a dozen drives hooked up to it. (We had a bunch of old 120GB drives lying around - six of them configured as a RAID-5 array (with one as a hot spare) was a super-economical way to get almost half a terabyte of somewhat reliable storage, although 0.5TB isn't much these days.) Anyways... the problem was proving hard to diagnose, since it was intermittent, and manifested itself in different ways - kernel panics... refusing to boot... booting then locking up after variable periods of time.

At one point, we pulled the drives with the aim of re-seating the cables, and a sharp-eyed staff member noticed... well, see if you can spot the problem. Drive removed, all seems to be well. Dry joint? Metal fatigue from years of fan and drive vibration? Who knows.

Tuesday, September 4, 2007

Total geekery at the ANML.

Among the geeky hobbies enjoyed by some of us at the lab is old computers -- if it's out of date, obsolete, and has a narrow data bus, there's a good chance that one of us is somewhat interested. If you pool our mental resources, we could probably write a book of trivia on just about any major 8-bit computer of the 80s.

Even so, one of us had a moment this week that provoked a full-fledged, "Wow, I really am a dork about this stuff."

The guilty party had just bought this lot on eBay, which was advertised as an old TRS-80 and two Odyssey2 consoles. See if you can guess why the photo was so interesting -- there's something unusual there. (Have no idea? Don't worry; we'll post again.)