TrueJournals


The Danger of “Incorrect Password”

by on May.11, 2009, under thoughts, website

I’m sure you’ve seen the message before.  You try to log into a website you go to every now and then, and forget which password you used for it, or type something in wrong.  “Sorry, this password is incorrect,” says the website.  You grumble to yourself and try again, paying little attention to the harmless message.  From a programmer’s perspective, it’s a bit more interesting than that.

With a SQL database backend, it’s quite easy to figure out a login problem.  It’s a simple matter of searching the database for a username that is equal to the one the user entered.  If the password of that row matches the password the user entered (generally MD5-hashed), then the user can log in.  If it doesn’t, they get the “incorrect password” message, and if the username search returns zero rows, they get an “incorrect username” message.  Simple and secure, right?

Wrong.  The problem with telling the user that the password was the incorrect piece of data is that it lets them know that the username is correct.  For someone legitimately logging into the website, this is great.  They know exactly what to fix, they fix it and move on.  For someone who doesn’t actually own the account, however, this message is a lot more interesting.

Potentially, a script could be written to try thousands, even millions of usernames all with the same password.  Once an “incorrect password” message is reached, the script can then try another list of thousands to millions of passwords, until it gets an account.  All automated, and very simple.

So, the solution is to not let the user know what’s wrong.  Just say “incorrect login details.”  Something is wrong, but we’re not gonna tell you what.  Good luck!  This will stop any username-guessing script.  Now, you can’t tell a valid username from an invalid username.  However, some websites like to have lists of their members, or the hacker may already know a username for some reason.  So, how do we combat this?

Login try limits.  After 5 failed attempts, lock out the IP address in question.  Any user who just typed something wrong should be able to get it right within five tries, and blocking the IP will stop additional attempts from that address.  However, some robots are more complex than this.
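The two login flows and the five-try limit described above, side by side, as an added example that is not code from the original post. The table layout, function names and the in-memory per-IP counter are assumptions made for illustration, and it stores a salted PBKDF2 hash rather than the MD5 the post mentions.

```python
import hashlib, hmac, os, sqlite3
from collections import defaultdict

MAX_FAILURES = 5                      # the post's limit: five failed tries per IP
GENERIC_ERROR = "incorrect login details"
failures = defaultdict(int)           # failed attempts per client IP (in-memory, demo only)

def hash_password(password, salt):
    # Assumption of this example: salted PBKDF2 instead of bare MD5.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

DUMMY_SALT = os.urandom(16)           # used when the username does not exist
DUMMY_HASH = hash_password("dummy", DUMMY_SALT)

def make_db():
    # Constructed sample data: a single account, "alice".
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, hash_password("correct horse", salt)))
    return db

def find_user(db, username):
    return db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                      (username,)).fetchone()

def leaky_login(db, username, password):
    """The flow from the post: the message says which field was wrong."""
    row = find_user(db, username)
    if row is None:
        return "incorrect username"
    if not hmac.compare_digest(hash_password(password, row[0]), row[1]):
        return "incorrect password"
    return "ok"

def hardened_login(db, username, password, ip):
    """One generic message for every failure, plus a per-IP try limit."""
    if failures[ip] >= MAX_FAILURES:
        return "too many attempts"
    row = find_user(db, username)
    # Hash even for unknown users so both failure paths do the same work.
    salt, stored = row if row else (DUMMY_SALT, DUMMY_HASH)
    ok = hmac.compare_digest(hash_password(password, salt), stored) and row is not None
    if ok:
        failures[ip] = 0
        return "ok"
    failures[ip] += 1
    return GENERIC_ERROR
```

The lockout reply depends only on the client address, so it says nothing about whether a username exists.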

When it comes down to it, if someone really wants to get into your website, they will.  A botnet with millions of different IP addresses could foil the above scheme.  Additionally, proxies could get around this block.  It would seem that there is no way to keep a website secure.

The responsibility falls on the user, really.  Most websites say somewhere that if someone breaks into your account, they aren’t responsible.  Website admins should have really long, annoying-to-type passwords, because they can easily save the password somewhere, and normal users should have passwords that are strong enough.  If you’re really worried that someone will break into your account, choose a better, longer password.

Or, do we need to go above and beyond passwords?  Is there a level of security past passwords that we have yet to reach?  A lot of computers now have fingerprint readers.  Could we have websites that require your fingerprint as your password?  How about an image?  A website could issue you a completely random image for your password.  You save this image, and have to upload it any time you want to log in.  The image would have to be small enough to let dial-up users upload it, but it could be big enough to be very, very random.

So, security isn’t perfect.  I doubt it ever will be.  If someone really, really wants to break into something, they will.  This is why we have jails.


Physical “Education”

by on May.05, 2009, under life, thoughts

You know what class this is?  P.E.  You know what that stands for?  Physical Exercise.

This quote is attributed to a P.E. sub at my high school.  I’m paraphrasing, because I don’t remember the actual words, but believe me: this phrase was actually uttered by a substitute P.E. teacher.  Perhaps this wasn’t the best way to start off the blog post.  Let’s go back a bit.

A couple weeks ago, I needed a form signed so I could go on a field trip.  All of my teachers need to sign a form saying that it’s OK for me to skip out on class, and acknowledging that they realize that I’m not going to be in class that day.  Granted, most teachers just sign the form without looking at the date, but that’s beside the point.

On this form, we also have to write which class we have each hour.  So, for my seventh hour class I wrote the following: Gym.  Seemed fine to me.  I go up to my teacher and have her sign it.  She first crosses out “gym” and writes “PE”, then signs the form (all without saying anything to me).  I thought this was slightly humorous.  I didn’t think much of it because, after all, the form was signed.  However, I’ve started to think more and more of this small action.

To me, and to most of the world, PE stands for Physical Education.  Education, to me, implies that I will learn something.  It could be useless information, or it could be useful information; regardless, I should learn something.  I would attribute a class like Health to this title.  It suits all the requirements: physical — you learn about how your body functions and how to keep yourself healthy; education — did I not just use the word learn?

Let me make this a bit more clear.  Here’s how Google defines education:

knowledge acquired by learning and instruction

Once again, the key words here are knowledge, learning, and instruction.  These are the three important requirements in order to have the “education” part.

I would define my “P.E.” class this year as anything but that.  It consists of:

Today we’re playing tennis.  Grab a ball, racket, and partner, and start playing tennis.

No instruction, no guidance, no help while attempting to play the sport, just a: “This is what we’re doing.  Go.”  So, where, then, does the education come in?

Freshman and sophomore year was different: we actually learned about the muscles and bones in our body.  We learned about what exercises work which muscles, and we were taught easy exercises to help keep us in shape.  Once again: we learned.  This was not gym class, it truly was physical education.

So, I suggest a reform of the class.  Because Illinois is the only state that still requires four years of gym P.E. in high school, we must be true to the class’s title: teach us.  It doesn’t even have to be individual attention (although that would be nice).  But, at least inform us of the rules of tennis before telling us to play.  If you want to get really crazy, try to make us play by the rules.  If we are going to take Physical Education, let’s keep the Education there.

Although, I’ve heard an alternative suggestion: make P.E. half-classroom.  This alternative would suit Illinois perfectly.  We could still have a P.E. class, but we would actually learn.  Once the program got started, the school could start offering “specialized” P.E. classes, where you can learn about one specific topic.  You could then take the P.E. class that sounded most interesting to you, instead of being stuck in a general gym class.

After all this, I have to question my school’s definition of P.E.  I was always taught that P.E. stood for Physical Education (acronym finder agrees), but it seems the crazy old gym teacher is right: PE stands for Physical Exercise.


How to Fix the Economy

by on May.01, 2009, under life, thoughts

Phew… It’s about time I’ve made another blog post.  Show week always keeps me busy…

Anyway, let me preface this post by saying this: I’m 18.  The following contains my view of things from my perspective.  I could be completely wrong.  In fact, it would be awesome if some economy expert visited my blog and posted a comment about how wrong I am, but that probably won’t happen.  Now, on to the actual post!

I get annoyed when watching TV sometimes.  It’s one particular commercial strand.  From Wal-Mart, at that!  It’s their commercials about how going to Wal-Mart to get food is cheaper than going out, so you should buy food from Wal-Mart, because you need to save money in these poor economic times.  Makes sense, right?

Wrong.  In fact, this advice will only help destroy the economy wrong.  Wal-Mart is absolutely right: our economy isn’t doing that great right now.  However, they suggest a terrible way to fix it: stop spending money.  This is exactly the opposite of what needs to be done, and what the government is trying to get done to fix the economy. (continue reading…)


Programming Brainstorm

by on Apr.23, 2009, under life, python, thoughts

Every now and then when working on a program, I like to have a brainstorming session.  Usually I’m just lying comfortably in my bed, thinking of how I can expand a program more, remove bugs, or make it quicker or more stable.  Last night, I had a brainstorming session for tear bookmarks, and I thought I’d share my notes with everyone who reads this.

My brainstorming session basically consists of my tablet running xournal.  I get nice lined notebook paper, where I can write down any ideas that pop into my head.  I can then look at that later and go “No… that won’t work” or “Hmm… I might be on to something,” and try to implement it.

So, if you’d like to see what I’ve been thinking about for tear bookmarks, look at the following PDF: 2009-04-22-tearbookmarksbrainstorm.  Enjoy!


Gym in High School

by on Apr.14, 2009, under life, thoughts

I often hear from my friends (and I’ll admit to helping spread the rumor) that Illinois is the only state that still requires four years of gym in high school.  Technically, the rumor is eight semesters, but I’m still not sure of its validity.  I’m fairly certain that this is a state requirement, but is Illinois the only state with this requirement?

Being a computer geek, I’ve always found gym slightly useless.  A class where they make you run around for however long they feel like it, for no reason.  Usually, the teacher doesn’t even participate in the activity, or give demonstrations for activities.  Teachers in gym seem to not be teachers, but lesson planners.  They plan what the class will do each day.  Sometimes, as is the case in my high school, this isn’t even up to them.  The department chooses when each class will do each activity.  Although, it’s still up to the teachers to decide how to go about doing this activity.

Regardless, gym has always seemed to be more of a punishment than a class.  This is due to the fact that they only have two punishment options: make us fail (which doesn’t work for one-time offenses), or make us do more physical activity (running, usually).  Because physical activity is so often used as a punishment, we learn to associate it with punishment.  Let me give an example.  Let’s say that you enjoy, or can at least tolerate, doing push-ups.  You can do 30 push-ups without any problem.  Your gym teacher decides to make ten push-ups a punishment for some offense.  You don’t really mind push-ups, so you end up goofing off.  You get “punished” once, twice, three times.  However, you don’t realize that you’ve already done thirty, so keep goofing off.  Eventually, you’ve done forty, fifty, sixty push-ups in a day: way more than you’re comfortable with.  Now that you’ve been made to do the extra push-ups, you associate push-ups with punishment, and now loathe doing push-ups. (continue reading…)


Why the Wii still costs $250

by on Apr.13, 2009, under thoughts

I read an article recently talking about the manufacturing price of the Wii.  This article pointed out that the manufacturing price of the Wii had gone down by about 45% since the time the Wii came out.  Yet, the Wii still costs $250 for consumers.

It’s simple really: people are still willing to pay $250 for a Wii.  As long as Nintendo can sell Wiis for $250, and make a huge profit while doing so, they might as well.  While Wiis are becoming easier and easier to find, they’re still flying off the shelf.

It’s worth noting here that Nintendo has, from day one, been making a profit from every Wii sold.  So, it stands to reason that they’re now making a HUGE profit on every Wii sold.  Taking away 45% from $250 means that the Wii should now cost about $137.

But there’s something else.  A small note that’s often forgotten.  Nintendo will have to drop the price of the Wii eventually, so they can boost sales again.  When this happens, Nintendo will be able to drop the price by $100 – $150!  This will be an insane price drop, and ignite interest in the Wii once more, making them hard to find.  This price drop could put the Wii anywhere between $100 and $150, making it, once again, the cheapest current-gen video game system.

Nintendo has, yet again, found a way to print money.  Make a system that is the cheapest current-gen system when it launches, with the fun gimmick of having motion-sensitive controls.  Then, let the manufacturing price drop while you keep your price the same, and every other system lowers the price.  Wait until interest in your console dies down, and… drop the price, and make it the cheapest current-gen system again.  Nintendo knows what’s going on.
