Efforts to understand, improve, or do less harm to the world around me.


___________________

Saturday, June 26, 2010

Using Google Docs to scan images for text

The Google Books service has so far converted thousands of books into a readable format.  Although this is mired in controversy, I'm glad someone is doing it.  Furthermore, the software that converts the text is very smart (even able to convert Ancient Greek!) and is now available for public use (Google Docs account required).

Unfortunately, initial reviews of this service have not been kind.  Hopefully it gets better.

Google is not the first to market on this one, as there are many other services for optical character recognition (OCR).  The difference will likely be that Google lets users upload larger documents for conversion as a feature of its competition with Microsoft Office (which has no such capability).

Saturday, June 12, 2010

The problem of hard passwords

Have you ever been assigned a password that you couldn't possibly remember, then required to write it down somewhere or come up with one equally weird?  How is someone supposed to remember "n0A2aw3f"?  How are you not supposed to write something like that down?  Enter Password Card, a tool to provide an opportunity to easily use passwords that would be almost impossible to guess.

(Below: example "card")


Just pick a character and a color for a password of any length.  If the card is lost, it looks like random characters (above), so you're safe.


Why gibberish passwords?

You may wonder why organizations require this when ATMs only require simple 4-number PINs.  A short PIN is secure there because an ATM will only allow you to try around 4 times before locking your account.  Other passwords and services frequently don't have this limitation, so they must rely on passwords that can withstand millions of attempts by very fast computers.

A single character of a password has 10 possibilities if it is a number, and a single letter has 26 possibilities.  If you combine upper-case letters, lower-case letters, and numbers (as Password Card does), you have 62 possibilities for each character.

While a four number ATM code has 10,000 possibilities, a four character password from Password Card would have almost 15 million!  An 8 character password would have over 200 trillion combinations!

So the advantages of a difficult password are obvious.


An open password?

Unfortunately, as cool as the Password Card is, its weak link is an intelligent or dedicated thief.  If someone has your card and your login names, it's very easy to enter all the left-to-right combinations of characters present on the card and have a computer quickly try them all.  So the question becomes: could you publicly post a wallet-sized piece of paper with your password written on it and still be completely secure?

For any proposed system, the password must be present and visible and should use the current "Password Card" system in some format.  Here's what we came up with:

Use obvious associations that a human could make but a computer could not, such as grey being connected to the sad face and the heart with red.  So all someone would have to remember is "sad face, heart" to have a much more complex, harder to guess password.  Drawing from our card above, four characters would come from the grey line under the sad face ("svwR") and four more from the red starting under the heart character ("qYdr").


This two-part password seems to be much more secure and could of course be made three- or four-part for better security.  Even a computer's "attack" on the card would be fruitless, as trying all the possible combinations starts to become nearly impossible again.
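To put numbers on the comparison above, here is an added example (not part of the original post) that counts the candidates an attacker faces with and without the card. The 8-row by 29-column layout, runs that wrap at the end of a row, and an attacker who knows the segment lengths are all assumptions of this sketch, and the card itself is randomly constructed.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # the post's 62 characters
ROWS, COLS = 8, 29  # assumed layout: 8 colour rows x 29 symbol columns

def make_card(rows=ROWS, cols=COLS):
    """Constructed sample card: a grid of random characters."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(cols))
            for _ in range(rows)]

def read_run(card, row, col, length):
    """Read left to right from (row, col); wrapping within the row is an assumption."""
    line = card[row]
    return "".join(line[(col + i) % len(line)] for i in range(length))

def blind_keyspace(length):
    """Candidates for an attacker without the card."""
    return len(ALPHABET) ** length

def card_keyspace(parts, rows=ROWS, cols=COLS):
    """Candidates for an attacker holding the card who knows the segment
    lengths: one unknown starting cell per part."""
    return (rows * cols) ** parts

def distinct_passwords(card, length):
    """Every single-part password this card can produce at a given length."""
    return {read_run(card, r, c, length)
            for r in range(len(card)) for c in range(len(card[0]))}

def success_chance(keyspace, attempts):
    """Chance of a correct guess before a lockout after `attempts` tries."""
    return min(1.0, attempts / keyspace)

if __name__ == "__main__":
    card = make_card()
    two_part = read_run(card, 1, 4, 4) + read_run(card, 6, 20, 4)
    print("sample two-part password:", two_part)
    print("no card, 8 chars:", blind_keyspace(8))
    for parts in (1, 2, 3, 4):
        n = card_keyspace(parts)
        print(f"card in hand, {parts} part(s): {n} candidates, "
              f"{math.log2(n):.1f} bits, "
              f"lockout-4 success {success_chance(n, 4):.2e}")
```

Under these assumptions a two-part password leaves 53,824 candidates for someone holding the card, against roughly 218 trillion for an 8-character password guessed without it. Each extra part multiplies the card-in-hand count by 232, so how much that protects depends on whether the service limits attempts the way an ATM does.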

Related:

Generatedata.com - Generate any kind of data, including random passwords.

Friday, June 11, 2010

Another reason to leave Facebook.

Someone mentioned this in an online forum recently:
"Facebook's good for family as much as anything else, really."
Ostensibly it's "social media software" but it's very broken; I was using Facebook for probably 3 years there before I determined that apart from sharing photos, it was in fact anti-social.
  •  Wasn't more connected with anyone or anything, in fact more isolated.  Status updates and comments are sort of like talking about the weather: they're filler.
  • No dates, no new friends, no meaningful exchanges at all.
So independent of Facebook's stupid privacy policies, switching back to phone calls, email, and even instant messengers has been a far better move.

Thursday, June 10, 2010

Microsoft and critical infrastructure

Very interesting article on a Richard Clarke book about how to cast Microsoft in terms of national defense and critical systems, including the politics behind how to force the company to live up to its obligations.

Sunday, June 06, 2010

Elephant in the Vatican

In an article on how Pope Benedict claims that the "world ignores Christians in Mideast," the Associated Press drops the ball in several places:
  1. Doesn't note the sensation that this is an attempt to distract from one injustice by pointing out another.
  2. Didn't make the link that maybe the Vatican shares some blame in not handling its own problems.
  3. It also glosses over the terrible possibility that people completely unrelated to the failures of the biggest Christian church may be suffering for it.
Note that it may also be true that the Vatican just does things from time to time and the press should report on that.

Saturday, June 05, 2010

Thursday, June 03, 2010

Web Desktops

A desktop you can access anywhere is gradually taking off:
  • EyeOS - when I tested this over a year ago, it quickly got on my nerves, but it's continued to grow and expand.  Gradually making my way back to it.
  • Spoon.net - Fantastic idea but from the site I can't make heads or tails of how it works or what it is or if it's even free.  Clearly a powerful tool for virtualization and browser testing.
  • Meebo.com - just chatting on some 30 different chat networks using a very desktop-style interface.  It's pretty smooth and already well ahead of Yahoo's official web client.
What I'm waiting for is something to come out that's completely seamless.  Use it locally, use it online, download it, whatever.  Never lose any data, never lose functionality.  That's worth a million dollars.