Nerdy Security Discussion

Ok, I’ve been having a debate in my head for about a week now, and so I figured I’d open it up for discussion:

Right now, I have three classifications of passwords:

  • "Secure" – A memorable, yet obscure base (would look random to most people) with host-specific unique data inserted within (via a mental hash function)
  • "Screen-door lock" – a simple mixed case alphanumeric password I reuse across multiple hosts.  This is for hosts (typically, random Web sites) where it would be mildly irritating if someone had access to my account…
  • "Who cares" – This is for the hosts that I don’t care about yet require me to input a password.  It is a completely insecure, throwaway password.  It could probably be brute-forced in about 30 seconds.

I began thinking about whether or not it would be ultimately more secure to have one classification of password (really secure, pseudo random noise) and store those passwords in a single, encrypted password store behind a single "secure" password.  This store would obviously be very backed up and treated as other personal data.  

Clearly, this is a single point of failure, so if someone compromises my password store, everything is compromised.  On the other hand, each individual password would be far less guessable…  

Opinions?



Baseball

When I watched baseball as a kid, it was a really simple affair which basically boiled down to “I hope the Mets win”.  My friend Matt Hansen and his father were WAY into baseball, and that’s where I became interested.  I didn’t know anything about statistics, rosters, or even the minor league (beyond its existence).  We’d watch a game on TV or listen to it on the radio, and occasionally go to Shea to watch a game.  At some point, though, I stopped paying attention to Baseball.  As an adult, I had convinced myself that I stopped caring around the infamous strike, but the math on that doesn’t work out, because the strike was in ’94 and I’m pretty sure I stopped caring much earlier than that.  Regardless of when it happened, it happened.

I managed to avoid Red Sox fever for many years of living in Boston…  When I moved here in 2001, it was amazing to me how serious Boston sports fans were…   The startup I was working for, Rovia, had its office right on the corner of Yawkey Way and Brookline, across the way from Fenway (and, troublingly for my waistline, directly above the Best Sausage Company).  It was a madhouse in the summer; you either had to leave the office at 5pm or wait until the 2nd inning or so before the streets calmed down enough to make it to the T.    I’d be walking to the office from the T at 10am on a day with a 7pm game, and I’d already be getting harassed by scalpers (“NEED ‘EM??  GOT ‘EM???”).   This city breathes its sports, especially baseball..   You see team colors all over the city on game days..   Every bar with a TV is showing the game..   People simply assume you’re at least familiar with what’s going on with the team.

When I was working at Goodrich, I won two sets of tickets to the company seats.   The first was in August of 2004 in what would turn out to be the lead up to their World Series win.  I really enjoyed the game and got my first glimpse into what it is about this team and this park that made people crazy..   But it faded quickly, and even though the Sox were in the playoffs and ultimately the Series, I didn’t pay much attention…  Local friends had parties to watch some of the games, and I attended, and cheered on the home team, but it didn’t stick.

The second set of tickets was in 2006, and this time around things were a little different.  The first game I attended was with coco_b, and neither of us was particularly into baseball…   But when I got tickets to the 2006 Patriots’ Day game, Corinna suggested I bring roryk along, because he was into the team.  It was at this game that the flint was sparked, although it took a while for the fire to take.

It was after attending this second game that I slowly started paying more attention to the sport.  It was Spring of last year when I first started to recognize “the symptoms”, but the finishing blow was the new HDTV.  Rory, adamfletcher and friends started coming over to watch games all of the time, and I found myself checking the scores even when I was unable to watch the game. 

I’m fairly certain that the World Series win last year was what set the hook in my cheek.  This year, I followed all of the off-season dealings, watched a bunch of spring training games, woke up at 5am to cook pancakes and bacon for a bunch of guests for the Opening Day game in Tokyo, and have seen or listened to at least a few innings of almost every game this season.  I pay attention to scouting rumors and news, I have read books on the game, I read Baseball Prospectus and the local sports section’s baseball coverage, I discuss player statistics, sabermetrics, and scouting rumors…  It has gotten completely out of hand.   And I love it.

I am a nerd.

While it certainly wasn’t the nerdiest thing I have ever done, waking up at 6am on Friday morning to get an iPhone 3G is up there. I got to the Chestnut Hill mall around 6:40am and was approximately 50-60 people deep in the line. The store was not opening until 8am, so I sat down on the floor, busted out my laptop, and caught up on my RSS feeds, etc. Quickly the line was twice as long, extending all the way out of the mall.. My “line buddies” were all pleasant and we were chatting the whole time. We had heard that the Apple Store had planned on moving 100 customers per hour through the store, so being 50 people deep I was expecting to be out of the store by 9pm at the latest. While we waited Apple had people going up and down the line giving out Coffee, Tea, and some kind of fancy (smart or vitamin) water, which I thought was a nice showing of appreciation of your psycho-fans.

The store opened at 8am and they let the first batch of about 25-30 people in. They easily had 30 employees working the store, so it seemed like everything would move along quickly. Unfortunately, as some of you are already aware, this was not the case. It was quickly apparent as 20-30 minutes passed with only a handful of customers leaving the store that things were taking longer than they estimated. Apparently both AT&T and Apple’s servers were getting crushed. The server for the wireless handheld POS terminals the Apple employees use even crapped out at one point, although that was a quick reboot..

It was 9:40 before I got into the store, and all that meant was further standing in line. I finally was served around 10:15am, but it took forever to execute the transaction because of the network/server crush. Initially, after I finally paid, they took me to a station where they tethered the phone to a Mac and tried to activate it with iTunes, but within the first minute the rep mentioned something about doing it at home and I jumped. I got out of the store at 10:40, and there were easily still 150+ people waiting on line. Apparently soon after I left they stopped trying to activate the phones in the store at all, so perhaps the line started moving along quicker after that.

I got home and tried to activate, but it wasn’t until after lunch that I had any luck.. Eventually, either Apple/AT&T fixed their problems or enough people gave up that I was able to activate.

All that said, I kind of expected these kinds of problems, so while it sucked, I was prepared for it to suck… I’m loving the phone so far, although it’s going to take me a while to become proficient at typing..