TrueJournals

The Danger of “Incorrect Password”

by on May.11, 2009, under thoughts, website

I’m sure you’ve seen the message before.  You try to log into a website you go to every now and then, and forget which password you used for it, or type something in wrong.  “Sorry, this password is incorrect,” says the website.  You grumble to yourself and try again, paying little attention to the harmless message.  From a programmer’s perspective, it’s a bit more interesting than that.

With a SQL database backend, it’s quite easy to figure out a login problem.  It’s a simple matter of searching the database for a username that is equal to the one the user entered.  If the password of that row matches the password the user entered (generally stored as an MD5 hash), then the user can log in.  If it doesn’t, they get the “incorrect password” message, and if the username search returns zero rows, they get an “incorrect username” message.  Simple and secure, right?

Wrong.  The problem with telling the user that the password was the incorrect data entered is that it lets them know that the username is correct.  For someone legitimately logging into the website, this is great.  They know exactly what to fix, they fix it and move on.  For someone who doesn’t actually own the account, however, this message is a lot more interesting.

Potentially, a script could be written to try thousands, even millions of usernames all with the same password.  Once an “incorrect password” message is reached, the script can then try another list of thousands to millions of passwords, until it gets an account.  All automated, and very simple.

So, the solution is to not let the user know what’s wrong.  Just say “incorrect login details.”  Something is wrong, but we’re not gonna tell you what.  Good luck!  This will stop any username-guessing script.  Now, you can’t tell a valid username from an invalid username.  However, some websites like to have lists of their members, or the hacker may already know a username for some reason.  So, how do we combat this?

Login try limits.  After 5 failed attempts, lock out the IP address in question.  Any user who just typed something wrong should be able to get it right within five tries, and blocking the IP will stop additional attacks.  However, some robots are more complex than this.

When it comes down to it, if someone really wants to get into your website, they will.  A botnet with millions of different IP addresses could foil the above scheme.  Additionally, proxies could get around this block.  It would seem that there is no way to keep a website secure.
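The two defenses described above (one generic error message and a five-failure per-IP lockout) next to the leaky flow, as an added example that is not code from this post. The table layout, function names, sample account and the use of PBKDF2 in place of the MD5 the post mentions are assumptions of the example; as the post notes, a per-IP counter does not help against attempts spread over many addresses.

```python
import hashlib
import hmac
import os
import sqlite3

MAX_FAILURES = 5  # the post's limit: five failed attempts per IP address
GENERIC_ERROR = "incorrect login details"
LOCKED_OUT = "too many failed attempts"

def hash_password(password, salt):
    # Assumption of this example: salted PBKDF2 instead of the MD5 the post
    # mentions, so a stolen table is slow to guess against.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Stand-in credentials checked when the username does not exist, so unknown and
# known usernames cost the same hashing work. A random value never matches.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = os.urandom(32)

def make_db():
    """In-memory database with one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    db.execute("CREATE TABLE failures (ip TEXT PRIMARY KEY, count INTEGER)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, hash_password("correct horse", salt)))
    return db

def leaky_login(db, name, password):
    """The flow the post describes: the message says which field was wrong."""
    row = db.execute("SELECT salt, pw FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return "incorrect username"
    if not hmac.compare_digest(hash_password(password, row[0]), row[1]):
        return "incorrect password"
    return "ok"

def hardened_login(db, name, password, ip):
    """Same lookup, but one message for every failure plus a per-IP limit."""
    seen = db.execute("SELECT count FROM failures WHERE ip = ?",
                      (ip,)).fetchone()
    if seen and seen[0] >= MAX_FAILURES:
        return LOCKED_OUT  # depends only on the IP, not on the username
    user = db.execute("SELECT salt, pw FROM users WHERE name = ?",
                      (name,)).fetchone()
    salt, stored = user if user else (DUMMY_SALT, DUMMY_HASH)
    match = hmac.compare_digest(hash_password(password, salt), stored)
    if user is not None and match:
        db.execute("DELETE FROM failures WHERE ip = ?", (ip,))
        return "ok"
    # Count the failure the same way whether the name or the password was wrong.
    db.execute("INSERT OR IGNORE INTO failures VALUES (?, 0)", (ip,))
    db.execute("UPDATE failures SET count = count + 1 WHERE ip = ?", (ip,))
    return GENERIC_ERROR

if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "nobody"):  # constructed inputs
        print(name, "|", leaky_login(db, name, "guess"), "|",
              hardened_login(db, name, "guess", "198.51.100.7"))
```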

The responsibility falls on the user, really.  Most websites say somewhere that if someone breaks into your account, they aren’t responsible.  Website admins should have really long, annoying-to-type passwords, because they can easily save the password somewhere, and normal users should have passwords that are strong enough.  If you’re really worried that someone will break into your account, choose a better, longer password.

Or, do we need to go above and beyond passwords?  Is there a level of security past passwords that we have yet to reach?  A lot of computers now have fingerprint readers.  Could we have websites that require your fingerprint as your password?  How about an image?  A website could issue you a completely random image for your password.  You save this image, and have to upload it any time you want to log in.  The image would have to be small enough to let dial-up users be able to upload the image, but it could be big enough to be very, very random.

So, security isn’t perfect.  I doubt it ever will be.  If someone really, really wants to break into something, they will.  This is why we have jails.

Physical “Education”

by on May.05, 2009, under life, thoughts

You know what class this is?  P.E.  You know what that stands for?  Physical Exercise.

This quote is attributed to a P.E. sub at my high school.  I’m paraphrasing, because I don’t remember the actual words, but believe me: this phrase was actually uttered by a substitute P.E. teacher.  Perhaps this wasn’t the best way to start off the blog post.  Let’s go back a bit.

A couple weeks ago, I needed a form signed so I could go on a field trip.  All of my teachers need to sign a form saying that it’s OK for me to skip out on class, and acknowledging that they realize that I’m not going to be in class that day.  Granted, most teachers just sign the form without looking at the date, but that’s beside the point.

On this form, we also have to write which class we have each hour.  So, for my seventh hour class I wrote the following: Gym.  Seemed fine to me.  I go up to my teacher and have her sign it.  She first crosses out “gym” and writes “PE”, then signs the form (all without saying anything to me).  I thought this was slightly humorous.  I didn’t think much of it because, after all, the form was signed.  However, I’ve started to think more and more of this small action.

To me, and to most of the world, PE stands for Physical Education.  Education, to me, implies that I will learn something.  It could be useless information, and it could be useful information, regardless, I should learn something.  I would attribute a class like Health to this title.  It suits all the requirements: physical — You learn about how your body functions and how to keep yourself healthy; education — did I not just use the word learn?

Let me make this a bit more clear.  Here’s how Google defines education:

knowledge acquired by learning and instruction

Once again, the key words here are knowledge, learning, and instruction.  These are the three important requirements in order to have the “education part.”

I would define my “P.E.” class this year as anything but that.  It consists of:

Today we’re playing tennis.  Grab a ball, racket, and partner, and start playing tennis.

No instruction, no guidance, no help while attempting to play the sport, just a: “This is what we’re doing.  Go.”  So, where, then, does the education come in?

Freshman and sophomore year was different: we actually learned about the muscles and bones in our body.  We learned about what exercises work which muscles, and we were taught easy exercises to help keep us in shape.  Once again: we learned.  This was not gym class, it truly was physical education.

So, I suggest a reform of the class.  Because Illinois is the only state that still requires four years of gym P.E. in high school, we must be true to the class’s title: teach us.  It doesn’t even have to be individual attention (although that would be nice).  But, at least inform us of the rules of tennis before telling us to play.  If you want to get really crazy, try to make us play by the rules.   If we are going to take Physical Education, let’s keep the Education there.

Although, I’ve heard an alternative suggestion: make P.E. half-classroom.  This alternative would suit Illinois perfectly.  We could still have a P.E. class, but we would actually learn.  Once the program got started, the school could start offering “specialized” P.E. classes, where you can learn about one specific topic.  You could then take the P.E. class that sounded most interesting to you, instead of being stuck in a general gym class.

After all this, I have to question my school’s definition of P.E.  I was always taught that P.E. stood for Physical Education (acronym finder agrees), but it seems the crazy old gym teacher is right: PE stands for Physical Exercise.

Re: Gym in High School

by on May.04, 2009, under Uncategorized

Due to a comment I received on my “Gym in High School” post, my reply, and some events of today, I feel that this subject needs revisiting.

It isn’t about whether you should or shouldn’t exercise.  It’s about how exercise is used as a punishment throughout middle school and high school.  Today, my class went out to play tennis.  As a warmup, we had to run down to the end of the tennis court and back twice (I use run lightly here, we could have jogged and been fine).  Eager to play tennis, I was the first jogging, and quickly got the two rounds complete.  A friend of mine, and another kid in my gym class were on pace with me, and we all three were done.

However, some of the other kids in my class are lazy.  I see this all the time: they either just walk, turn around half way, or find another way to pretend that they ran what was required.  As I was coming back the second time, I heard my gym teacher yelling something to the effect that they weren’t running, so had to redo the run.  Fine, whatever.  I had done what was required, so I shouldn’t have to worry.

Here’s where the problem comes in.  As I get back to my teacher, she tells me (and the other two kids running with me) that we’ll have to do one more time there and back.  I ask her why, noting that we had already run there and back twice, and she tells me something along the lines of this:

Yeah, I know, but some of your classmates feel they didn’t need to do the whole thing, so now everyone has to run more.

And, here’s where I find the problem.  I ran what was required of me.  I know this, I’m sure the class knows this, and the teacher knows this.  Yet, because one or two people in my class are lazy (the teacher even named who the person was), I have to run more.  So, I propose a hypothesis to everyone reading this: group punishment does not work.

Teachers seem to love it.  Why single out kids, and deal with them individually when you can just make everyone do more work?  On top of that, peer pressure should cause the others to do what’s required of them in the future, right?

Wrong.  I have zero influence on the kids in my class who are lazy.  This is due to multiple factors: they are in a different social group than I am, I try to avoid associating myself with them, and (not trying to sound conceited here… you have to trust me that this is true) they are on a lower intellectual level than me.

In most classes, I don’t have this problem.  I take honors or AP classes, so I generally am in a class of smart people who are willing to do work required so they don’t have to face the punishment.  However, I have two classes that go outside this norm: gym physical education (my commentary on this correction is saved for another post), and my lit class (again, my commentary on this will be saved for another post).  Somehow, it seems that, when scheduling classes, they ignored intellectual level, and just stuck whoever in whatever gym class.

However, here’s where it stops making sense to me: there is another gym class the same hour that I have my gym class which has at least three people that are on the same intellectual level as me.  In my gym class, I can think of one person, maybe two people, that fit this description.  It seems that they took this group of people who they knew would goof off, and stuck me in with them.

So, while group punishment hinges on the assumption that peer pressure is the greatest form of influence, this is not always true.  So, how can punishment be implemented to be successful?  Single the person out.  My school does this often for positive accomplishments, why not do it for negative influences?  Make the person do thirty pushups while everyone else just watches.  This will cause embarrassment, distress, etc., hopefully fixing the behavior.

Of course, this keeps the idea of using exercise as a punishment.  But, perhaps that’s OK for people who are going to goof off anyway.  We can let them think of exercise as a punishment, and let them grow fat and stupid as the rest of us thrive.  As my Physics teacher so often says:

We call that natural selection.

How to Fix the Economy

by on May.01, 2009, under life, thoughts

Phew… It’s about time I’ve made another blog post.  Show week always keeps me busy…

Anyway, let me preface this post by saying this: I’m 18.  The following contains my view of things from my perspective.  I could be completely wrong.  In fact, it would be awesome if some economy expert visited my blog and posted a comment about how wrong I am, but that probably won’t happen.  Now, on to the actual post!

I get annoyed when watching TV sometimes.  It’s one particular commercial strand.  From Wal-Mart, at that!  It’s their commercials about how going to Wal-Mart to get food is cheaper than going out, so you should buy food from Wal-Mart, because you need to save money in these poor economic times.  Makes sense, right?

Wrong.  In fact, this advice will only help destroy the economy.  Wal-Mart is absolutely right: our economy isn’t doing that great right now.  However, they suggest a terrible way to fix it: stop spending money.  This is exactly the opposite of what needs to be done, and what the government is trying to get done to fix the economy.

Programming Brainstorm

by on Apr.23, 2009, under life, python, thoughts

Every now and then when working on a program, I like to have a brainstorming session.  Usually I’m just lying comfortably in my bed, thinking of how I can expand a program more, remove bugs, or make it quicker or more stable.  Last night, I had a brainstorming session for tear bookmarks, and I thought I’d share my notes with everyone who reads this.

My brainstorming session basically consists of my tablet running xournal.  I get nice lined notebook paper, where I can write down any ideas that pop into my head.  I can then look at that later and go “No… that won’t work” or “Hmm… I might be on to something,” and try to implement it.

So, if you’d like to see what I’ve been thinking about for tear bookmarks, look at the following PDF: 2009-04-22-tearbookmarksbrainstorm.  Enjoy!

tearbookmarks 0.3.1-4

by on Apr.22, 2009, under maemo, python

Last night, I released tearbookmarks 0.3.1-4.  It’s a pretty major update, but I refuse to give it the 1.0 until tear itself is out of beta.  This release includes multiple new features.   First, the menu load is completely dynamic.  The plugin will first check if the bookmark database has been updated since it last grabbed its information.  If it has, it will update the menu, then display it.  If not, it’ll just show the menu.  Loading the menu items could take a bit of time, but I’ve done the best I could to make it as quick as possible.

Second, this release includes the long-awaited folders.  While tear itself doesn’t allow you to manage folders, bongo’s bookmark manager should (in the near future) have this option.  Folders show up at the bottom of the menu, below all your bookmarks, and also load dynamically, so they don’t take time while loading with the main menu.

Third, this release includes some better handling of how to open tear.  It removes the overhead needed to launch the tear executable if tear was already running, and is instead now using dbus directly.  It will also show the “Loading…” information box when launching tear for the first time.

Finally, this release includes bongo’s bookmark manager, including a shortcut to the bookmark manager in the menu.  This shortcut is placed in the same position as the default bookmark plugin, to mimic the actions of that plugin best.

tearbookmarks 0.3.1-4 is available in extras-devel for diablo only.  If you enable extras-devel to install tearbookmarks, please disable it immediately after.

Folders can be infinitely deep

Bookmark manager can now be launched from the bookmark menu

Gym in High School

by on Apr.14, 2009, under life, thoughts

I often hear from my friends (and I’ll admit to helping spread the rumor) that Illinois is the only state that still requires four years of gym in high school.  Technically, the rumor is eight semesters, but I’m still not sure of its validity.  I’m fairly certain that this is a state requirement, but is Illinois the only state with this requirement?

Being a computer geek, I’ve always found gym slightly useless.  A class where they make you run around for however long they feel like it, for no reason.  Usually, the teacher doesn’t even participate in the activity, or give demonstrations for activities.  Teachers in gym seem to not be teachers, but lesson planners.  They plan what the class will do each day.  Sometimes, as is the case in my high school, this isn’t even up to them.  The department chooses when each class will do each activity.  Although, it’s still up to the teachers to decide how to go about doing this activity.

Regardless, gym has always seemed to be more of a punishment than a class.  This is due to the fact that they only have two punishment options: make us fail (which doesn’t work for one-time offenses), or make us do more physical activity (running, usually).  Because physical activity is so often used as a punishment, we learn to associate it with punishment.  Let me give an example.  Let’s say that you enjoy, or can at least tolerate, doing push-ups.  You can do 30 push-ups without any problem.  Your gym teacher decides to make ten push-ups a punishment for some offense.  You don’t really mind push-ups, so you end up goofing off.  You get “punished” once, twice, three times.  However, you don’t realize that you’ve already done thirty, so keep goofing off.  Eventually, you’ve done forty, fifty, sixty push-ups in a day: way more than you’re comfortable with.  Now that you’ve been made to do the extra push-ups, you associate push-ups with punishment, and now loathe doing push-ups.

Why the Wii still costs $250

by on Apr.13, 2009, under thoughts

I read an article recently talking about the manufacturing price of the Wii.  This article pointed out that the manufacturing price of the Wii had gone down by about 45% since the time the Wii came out.  Yet, the Wii still costs $250 for consumers.

It’s simple really: people are still willing to pay $250 for a Wii.  As long as Nintendo can sell Wiis for $250, and make a huge profit while doing so, they might as well.  While Wiis are becoming easier and easier to find, they’re still flying off the shelf.

It’s worth noting here that Nintendo has, from day one, been making a profit from every Wii sold.  So, it stands to reason that they’re now making a HUGE profit on every Wii sold.  Taking away 45% from $250 means that the Wii should now cost about $137.

But there’s something else.  A small note that’s often forgotten.  Nintendo will have to drop the price of the Wii eventually, so they can boost sales again.  When this happens, Nintendo will be able to drop the price by $100 – $150!  This will be an insane price drop, and ignite interest in the Wii once more, making them hard to find.  This price drop could put the Wii anywhere between $100 and $150, making it, once again, the cheapest current-gen video game system.

Nintendo has, yet again, found a way to print money.  Make a system that is the cheapest current-gen system when it launches, with the fun gimmick of having motion-sensitive controls.  Then, let the manufacturing price drop while you keep your price the same, and every other system lowers the price.  Wait until interest in your console dies down, and… drop the price, and make it the cheapest current-gen system again.  Nintendo knows what’s going on.

There Just Aren’t Enough Hours in the Day

by on Apr.12, 2009, under life

As a senior in high school, it often seems like there just isn’t enough time.  Go to school from 7 AM to 3 PM, participate in extra-curricular activities, eat dinner, work 15 hours a week to save up for college, do whatever the family planned, do homework (for AP classes, at that), and have some me-time? Yeah, right.

Every week day I get up at 6:15 in the morning (which some of my friends would say is late, even), eat breakfast, and go to school.  While my first class doesn’t start until 7:30, I get there early to have some socializing time/for the convenience of my parents, who drive me to school.  I have classes (including lunch, and five-minute passing periods) until 2:50.  This includes two AP classes, which are, luckily for me, spread out: one in the morning, one in the afternoon.  By the end of this day, I’m pretty mentally exhausted.  But that’s not all.  I participate in the theatre tech crew at my school.  I’ve been a member all four years, and am even getting an award for my work.  So, every day after school, I go to the theatre to work on whatever show we’re working on until 5:30/6:00 on normal days.  On show days, I usually just stay after school until the show, run the show, and get home around 10 PM.

Defining Content / “We don’t need rules”

by on Apr.11, 2009, under maemo

While I am not officially part of Internet Tablet Talk’s move to talk.maemo.org, I do like to contribute my opinion to what’s going on.    Recently, there’s been some interesting discussion.  Since I’m very apt to sharing my opinion, but not all of it is suited for sharing in threads on iTT, I’ll post it here.

First, there’s the issue of defining what content is.  When the community was informed of the move, we were basically told this: “There will be no change in content, only the URL and a few cosmetic changes.”   Looking at the current state of iTT, some may say that “a few cosmetic changes” has been taken too far.  While the themes on the forum, as of today, remain the same as always, the whole structure of the forums has been redone.  The work has mostly consisted of renaming forums, and removing multiple, mostly unnecessary subforums, it seems a radical change.  However, is this really considered the content of the forums?  On most websites, a refactoring in the navigation of the website would only be considered a cosmetic change.  All the old content is still there, the path to find it is just slightly different.  So, why is the same not true on iTT?  All the old threads and posts are still there, they’re just in slightly different places.  The exception to this, however, seems to be the new maemo.org forum.  However, the old layout had a “Website/Suggestions” forum, and because iTT is moving to talk.maemo.org, this now seems like a logical name for the “Website/Suggestions” forum.
