March 2009

Reasons Windows has a poor security architecture

From Daniel Eran Dilger’s “The Unavoidable Malware Myth: Why Apple Won’t Inherit Microsoft’s Malware Crown” (AppleInsider: 1 April 2008):

Thanks to its extensive use of battle-hardened Unix and open source software, Mac OS X also has always had security precautions in place that Windows lacked. It has also not shared the architectural weaknesses of Windows that have made that platform so easy to exploit and so difficult to clean up afterward, including:

  • the Windows Registry and the convoluted software installation mess related to it,
  • the Windows NT/2000/XP Interactive Services flaw opening up shatter attacks,
  • a wide open, legacy network architecture that left unnecessary, unsecured ports exposed by default,
  • poorly designed network sharing protocols that failed to account for adequate security measures,
  • poorly designed administrative messaging protocols that failed to account for adequate security,
  • poorly designed email clients that gave untrusted scripts access to spam one’s own contacts unwittingly,
  • an integrated web browser architecture that opened untrusted executables by design, and many others.

Vista & Mac OS X security features

From Prince McLean’s “Pwn2Own contest winner: Macs are safer than Windows” (AppleInsider: 26 March 2009):

Once it did arrive, Vista introduced sophisticated new measures to make it more difficult for malicious crackers to inject code.

One is support for the CPU’s NX bit, which allows a process to mark certain areas of memory as “Non-eXecutable” so the CPU will not run any code stored there. This is referred to as “executable space protection,” and helps to prevent malicious code from being surreptitiously loaded into a program’s data storage and subsequently executed to gain access to the same privileges as the program itself, an exploit known as a “buffer overflow attack.”

A second security practice of Vista is “address space layout randomization” or ASLR, which is used to load executables, and the system libraries, heap, and stack into a randomly assigned location within the address space, making it far more difficult for crackers to know where to find vulnerabilities they can attack, even if they know what the bugs are and how to exploit them.

[Charlie Miller, the security expert who won both this and last year’s CanSecWest Pwn2Own security contests,] told Tom’s Hardware “the NX bit is very powerful. When used properly, it ensures that user-supplied code cannot be executed in the process during exploitation. Researchers (and hackers) have struggled with ways around this protection. ASLR is also very tough to defeat. This is the way the process randomizes the location of code in a process. Between these two hurdles, no one knows how to execute arbitrary code in Firefox or IE 8 in Vista right now. For the record, Leopard has neither of these features, at least implemented effectively. In the exploit I won Pwn2Own with, I knew right where my shellcode was located and I knew it would execute on the heap for me.”

While Apple did implement some support for NX and ASLR in Mac OS X, Leopard retains dyld (the dynamic loader responsible for loading all of the frameworks, dylibs, and bundles needed by a process) in the same known location, making it relatively trivial to bypass its ASLR. This is slated to change later this year in Snow Leopard.

With the much larger address space available to 64-bit binaries, Snow Leopard’s ASLR will make it possible to hide the location of loaded code like a needle in a haystack, thwarting the efforts of malicious attackers to maintain predictable targets for controlling the code and data loaded into memory. Without knowing what addresses to target, the “vast majority of these exploits will fail,” another security expert who has also won a high profile Mac cracking contest explained to AppleInsider.
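The two quoted paragraphs above describe what ASLR is supposed to achieve and what a fixed-location loader does to it, but not how to check either on a machine in front of you. As an added example, not code from the AppleInsider article or from Apple or Microsoft, the script below measures randomisation from user space on Linux or macOS: it spawns a small child program several times, records where one heap allocation, one libc function and one interpreter symbol landed, and reports which address bits changed between runs. A region whose varying mask is 0 sat at the same address every time, which is exactly the kind of predictable target the dyld remark describes; a 64-bit process typically shows a much wider varying mask than a 32-bit one, which is the Snow Leopard point. The child program, the region names and the sample values in the usage note are my own assumptions. NX cannot be probed safely from Python and is not shown.

```python
"""Measure from user space whether ASLR moves the heap, libc and the
interpreter between runs (Linux/macOS).  Added example, not from the
AppleInsider article: the child program and region names are mine."""
import json
import subprocess
import sys

# Child process: report where one heap allocation, one libc function and one
# symbol of the running interpreter landed.  A fresh process each time gives
# the loader a new chance to randomise.
_CHILD = r"""
import ctypes, json
libc = ctypes.CDLL(None)                     # symbols of the running process, libc included
libc.malloc.restype = ctypes.c_void_p
libc.free.argtypes = [ctypes.c_void_p]
heap = libc.malloc(4096)
print(json.dumps({
    "heap": heap,
    "libc": ctypes.cast(libc.malloc, ctypes.c_void_p).value,
    "interp": ctypes.cast(ctypes.pythonapi.Py_IsInitialized, ctypes.c_void_p).value,
}))
libc.free(heap)
"""


def sample_layout(runs=5):
    """Run the child `runs` times; return one {region: address} dict per run."""
    samples = []
    for _ in range(runs):
        res = subprocess.run([sys.executable, "-c", _CHILD],
                             capture_output=True, text=True, check=True)
        samples.append(json.loads(res.stdout))
    return samples


def varying_mask(samples, region):
    """Bit mask of the address bits that differed across runs for `region`.
    0 means it landed at the same address every time: a predictable target,
    which is what a loader mapped at a fixed location looks like."""
    first = samples[0][region]
    mask = 0
    for s in samples[1:]:
        mask |= s[region] ^ first
    return mask


def report(samples):
    """Width in bits of the varying part of each region's address."""
    return {region: varying_mask(samples, region).bit_length() for region in samples[0]}


if __name__ == "__main__":
    runs = sample_layout()
    for s in runs:
        print({k: hex(v) for k, v in s.items()})
    print("varying bits:", report(runs))
```

Run it once and compare the per-region widths; on Linux, running the same script under `setarch $(uname -m) -R` (which disables address randomisation for the process tree) should drop every width to 0, which is a useful sanity check that the measurement is reading what you think it is. The low 12 bits of a page-aligned mapping never vary, so the width is an upper bound on the randomised range, not an entropy figure.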

$9 million stolen from 130 ATM machines in 49 cities in 30 minutes

From Catey Hill’s “Massive ATM heist! $9M stolen in only 30 minutes” (New York Daily News: 12 February 2009):

With information stolen from only 100 ATM cards, thieves made off with $9 million in cash, according to published reports. It only took 30 minutes.

“We’ve seen similar attempts to defraud a bank through ATM machines but not, not anywhere near the scale we have here,” FBI Agent Ross Rice told Fox 5. “We’ve never seen one this well coordinated,” the FBI told Fox 5.

The heist happened in November, but FBI officials released more information about the events only recently. …

How did they do it? The thieves hacked into the RBS WorldPay computer system and stole payroll card information from the company. A payroll card is used by many companies to pay the salaries of their employees. The cards work a lot like a debit card and can be used in any ATM.

Once the thieves had the card info, they employed a group of ‘cashers’ – people employed to go get the money out of the ATMs. The cashers went to ATMs around the world and withdrew money.

“Over 130 different ATM machines in 49 cities worldwide were accessed in a 30-minute period on November 8,” Agent Rice told Fox 5.

Now that the Seattle Post-Intelligencer has switched to the Web …

From William Yardley and Richard Pérez-Peña’s “Seattle Paper Shifts Entirely to the Web” (The New York Times: 16 March 2009):

The P-I, as it is called, will resemble a local Huffington Post more than a traditional newspaper, with a news staff of about 20 people rather than the 165 it had, and a site with mostly commentary, advice and links to other news sites, along with some original reporting.

The new P-I site has recruited some current and former government officials, including a former mayor, a former police chief and the current head of Seattle schools, to write columns, and it will repackage some material from Hearst’s large stable of magazines. It will keep some of the paper’s popular columnists and bloggers and the large number of unpaid local bloggers whose work appears on the site.

Because the newspaper has had no business staff of its own, the new operation plans to hire more than 20 people in areas like ad sales.

Why we can easily remember jingles but not jokes

From Natalie Angier’s “In One Ear and Out the Other” (The New York Times: 16 March 2009):

In understanding human memory and its tics, Scott A. Small, a neurologist and memory researcher at Columbia, suggests the familiar analogy with computer memory.

We have our version of a buffer, he said, a short-term working memory of limited scope and fast turnover rate. We have our equivalent of a save button: the hippocampus, deep in the forebrain, is essential for translating short-term memories into a more permanent form.

Our frontal lobes perform the find function, retrieving saved files to embellish as needed. And though scientists used to believe that short- and long-term memories were stored in different parts of the brain, they have discovered that what really distinguishes the lasting from the transient is how strongly the memory is engraved in the brain, and the thickness and complexity of the connections linking large populations of brain cells. The deeper the memory, the more readily and robustly an ensemble of like-minded neurons will fire.

This process, of memory formation by neuronal entrainment, helps explain why some of life’s offerings weasel in easily and then refuse to be spiked. Music, for example. “The brain has a strong propensity to organize information and perception in patterns, and music plays into that inclination,” said Michael Thaut, a professor of music and neuroscience at Colorado State University. “From an acoustical perspective, music is an overstructured language, which the brain invented and which the brain loves to hear.”

A simple melody with a simple rhythm and repetition can be a tremendous mnemonic device. “It would be a virtually impossible task for young children to memorize a sequence of 26 separate letters if you just gave it to them as a string of information,” Dr. Thaut said. But when the alphabet is set to the tune of the ABC song with its four melodic phrases, preschoolers can learn it with ease.

And what are the most insidious jingles or sitcom themes but cunning variations on twinkle twinkle ABC?

Really great jokes, on the other hand, punch the lights out of do re mi. They work not by conforming to pattern recognition routines but by subverting them. “Jokes work because they deal with the unexpected, starting in one direction and then veering off into another,” said Robert Provine, a professor of psychology at the University of Maryland, Baltimore County, and the author of “Laughter: A Scientific Investigation.” “What makes a joke successful are the same properties that can make it difficult to remember.”

This may also explain why the jokes we tend to remember are often the most clichéd ones. A mother-in-law joke? Yes…

Social software: 5 properties & 3 dynamics

From danah boyd’s “Social Media is Here to Stay… Now What?” at the Microsoft Research Tech Fest, Redmond, Washington (danah: 26 February 2009):

A great deal of sociality is about engaging with publics, but we take for granted certain structural aspects of those publics. Certain properties are core to social media in a combination that alters how people engage with one another. I want to discuss five properties of social media and three dynamics. These are the crux of what makes the phenomena we’re seeing so different from unmediated phenomena.

1. Persistence. What you say sticks around. This is great for asynchronicity, not so great when everything you’ve ever said has gone down on your permanent record. …

2. Replicability. You can copy and paste a conversation from one medium to another, adding to the persistent nature of it. This is great for being able to share information, but it is also at the crux of rumor-spreading. Worse: while you can replicate a conversation, it’s much easier to alter what’s been said than to confirm that it’s an accurate portrayal of the original conversation.

3. Searchability. My mother would’ve loved to scream search into the air and figure out where I’d run off with friends. She couldn’t; I’m quite thankful. But with social media, it’s quite easy to track someone down or to find someone as a result of searching for content. Search changes the landscape, making information available at our fingertips. This is great in some circumstances, but when trying to avoid those who hold power over you, it may be less than ideal.

4. Scalability. Social media scales things in new ways. Conversations that were intended for just a friend or two might spiral out of control and scale to the entire school or, if it is especially embarrassing, the whole world. …

5. (de)locatability. With the mobile, you are dislocated from any particular point in space, but at the same time, location-based technologies make location much more relevant. This paradox means that we are simultaneously more and less connected to physical space.

Those five properties are intertwined, but their implications have to do with the ways in which they alter social dynamics. Let’s look at three different dynamics that have been reconfigured as a result of social media.

1. Invisible Audiences. We are used to being able to assess the people around us when we’re speaking. We adjust what we’re saying to account for the audience. Social media introduces all sorts of invisible audiences. There are lurkers who are present at the moment but whom we cannot see, but there are also visitors who access our content at a later date or in a different environment than where we first produced them. As a result, we are having to present ourselves and communicate without fully understanding the potential or actual audience. The potential invisible audiences can be stifling. Of course, there’s plenty of room to put your head in the sand and pretend like those people don’t really exist.

2. Collapsed Contexts. Connected to this is the collapsing of contexts. In choosing what to say when, we account for both the audience and the context more generally. Some behaviors are appropriate in one context but not another, in front of one audience but not others. Social media brings all of these contexts crashing into one another and it’s often difficult to figure out what’s appropriate, let alone what can be understood.

3. Blurring of Public and Private. Finally, there’s the blurring of public and private. These distinctions are normally structured around audience and context with certain places or conversations being “public” or “private.” These distinctions are much harder to manage when you have to contend with the shifts in how the environment is organized.

All of this means that we’re forced to contend with a society in which things are being truly reconfigured. So what does this mean? As we are already starting to see, this creates all new questions about context and privacy, about our relationship to space and to the people around us.

Kids & adults use social networking sites differently

From danah boyd’s “Social Media is Here to Stay… Now What?” at the Microsoft Research Tech Fest, Redmond, Washington (danah: 26 February 2009):

For American teenagers, social network sites became a social hangout space, not unlike the malls in which I grew up or the dance halls of yesteryears. This was a place to gather with friends from school and church when in-person encounters were not viable. Unlike many adults, teenagers were never really networking. They were socializing in pre-existing groups.

Social network sites became critically important to them because this was where they sat and gossiped, jockeyed for status, and functioned as digital flaneurs. They used these tools to see and be seen. …

Teen conversations may appear completely irrational, or pointless at best. “Yo, wazzup?” “Not much, how you?” may not seem like much to an outsider, but this is a form of social grooming. It’s a way of checking in, confirming friendships, and negotiating social waters.

Adults have approached Facebook in very different ways. Adults are not hanging out on Facebook. They are more likely to respond to status messages than start a conversation on someone’s wall (unless it’s their birthday of course). Adults aren’t really decorating their profiles or making sure that their About Me’s are up-to-date. Adults, far more than teens, are using Facebook for its intended purpose as a social utility. For example, it is a tool for communicating with the past.

Adults may giggle about having run-ins with mates from high school, but underneath it all, many of them are curious. This isn’t that different than the school reunion. … Teenagers craft quizzes for themselves and their friends. Adults are crafting them to show off to people from the past and connect the dots between different audiences as a way of coping with the awkwardness of collapsed contexts.

The importance of network effects to social software

From danah boyd’s “Social Media is Here to Stay… Now What?” at the Microsoft Research Tech Fest, Redmond, Washington (danah: 26 February 2009):

Many who build technology think that a technology’s feature set is the key to its adoption and popularity. With social media, this is often not the case. There are triggers that drive early adopters to a site, but the single most important factor in determining whether or not a person will adopt one of these sites is whether or not it is the place where their friends hangout. In each of these cases, network effects played a significant role in the spread and adoption of the site.

The uptake of social media is quite different than the uptake of non-social technologies. For the most part, you don’t need your friends to use Word to find the tool useful. You do need your friends to use email for it to be useful, but, thanks to properties of that medium, you don’t need them to be using Outlook or Hotmail to write to them. Many of the new genres of social media are walled gardens, requiring your friends to use that exact site to be valuable. This has its advantages for the companies who build it – that’s the whole attitude behind lock-in. But it also has its costs. Consider for example the fact that working class and upper class kids can’t talk to one another if they are on different SNSs.

Friendster didn’t understand network effects. In kicking off users who weren’t conforming to their standards, they pissed off more than those users; they pissed off those users’ friends who were left with little purpose to use the site. The popularity of Friendster unraveled as fast as it picked up, but the company never realized what hit them. All of their metrics were based on number of users. While only a few users deleted their accounts, the impact of those lost accounts was huge. The friends of those who departed slowly stopped using the site. At first, they went from logging in every hour to logging in every day, never affecting the metrics. But as nothing new came in and as the collective interest waned, their attention went elsewhere. Today, Friendster is succeeding because of its popularity in other countries, but in the US, it’s a graveyard of hipsters stuck in 2003.

MySpace/Facebook history & sociology

From danah boyd’s “Social Media is Here to Stay… Now What?” at the Microsoft Research Tech Fest, Redmond, Washington (danah: 26 February 2009):

Facebook had launched as a Harvard-only site before expanding to other elite institutions before expanding to other 4-year-colleges before expanding to 2-year colleges. It captured the mindshare of college students everywhere. It wasn’t until 2005 that they opened the doors to some companies and high schools. And only in 2006, did they open to all.

Facebook was narrated as the “safe” alternative and, in the 2006-2007 school year, a split amongst American teens occurred. Those college-bound kids from wealthier or upwardly mobile backgrounds flocked to Facebook while teens from urban or less economically privileged backgrounds rejected the transition and opted to stay with MySpace while simultaneously rejecting the fears brought on by American media. Many kids were caught in the middle and opted to use both, but the division that occurred resembles the same “jocks and burnouts” narrative that shaped American schools in the 1980s.

Defining social media, social software, & Web 2.0

From danah boyd’s “Social Media is Here to Stay… Now What?” at the Microsoft Research Tech Fest, Redmond, Washington (danah: 26 February 2009):

Social media is the latest buzzword in a long line of buzzwords. It is often used to describe the collection of software that enables individuals and communities to gather, communicate, share, and in some cases collaborate or play. In tech circles, social media has replaced the earlier fave “social software.” Academics still tend to prefer terms like “computer-mediated communication” or “computer-supported cooperative work” to describe the practices that emerge from these tools and the old skool academics might even categorize these tools as “groupwork” tools. Social media is driven by another buzzword: “user-generated content” or content that is contributed by participants rather than editors.

… These tools are part of a broader notion of “Web2.0.” Yet-another-buzzword, Web2.0 means different things to different people.

For the technology crowd, Web2.0 was about a shift in development and deployment. Rather than producing a product, testing it, and shipping it to be consumed by an audience that was disconnected from the developer, Web2.0 was about the perpetual beta. This concept makes all of us giggle, but what this means is that, for technologists, Web2.0 was about constantly iterating the technology as people interacted with it and learning from what they were doing. To make this happen, we saw the rise of technologies that supported real-time interactions, user-generated content, remixing and mashups, APIs and open-source software that allowed mass collaboration in the development cycle. …

For the business crowd, Web2.0 can be understood as hope. Web2.0 emerged out of the ashes of the fallen tech bubble and bust. Scars ran deep throughout Silicon Valley and venture capitalists and entrepreneurs wanted to party like it was 1999. Web2.0 brought energy to this forlorn crowd. At first they were skeptical, but slowly they bought in. As a result, we’ve seen a resurgence of startups, venture capitalists, and conferences. At this point, Web2.0 is sometimes referred to as Bubble2.0, but there’s something to say about “hope” even when the VCs start co-opting that term because they want four more years.

For users, Web2.0 was all about reorganizing web-based practices around Friends. For many users, direct communication tools like email and IM were used to communicate with one’s closest and dearest while online communities were tools for connecting with strangers around shared interests. Web2.0 reworked all of that by allowing users to connect in new ways. While many of the tools may have been designed to help people find others, what Web2.0 showed was that people really wanted a way to connect with those that they already knew in new ways. Even tools like MySpace and Facebook which are typically labeled social networkING sites were never really about networking for most users. They were about socializing inside of pre-existing networks.

DRM fails utterly

From John Siracusa’s “The once and future e-book: on reading in the digital age” (Ars Technica: 1 February 2009):

Nuances aside, the big picture remains the same: DRM for digital media distribution to consumers is a mathematically, technologically, and intellectually bankrupt exercise. It fails utterly to deliver its intended benefit: the prevention of piracy. Its disadvantages, however, are provided in full force: limiting what consumers can legally do with content they have legitimately purchased, under threat of civil penalties or criminal prosecution.

Why everyone wants a computer: socializing

From Paul Graham’s “Why TV Lost” (Paul Graham: March 2009):

The somewhat more surprising force was one specific type of innovation: social applications. The average teenage kid has a pretty much infinite capacity for talking to their friends. But they can’t physically be with them all the time. When I was in high school the solution was the telephone. Now it’s social networks, multiplayer games, and various messaging applications. The way you reach them all is through a computer. Which means every teenage kid (a) wants a computer with an Internet connection, (b) has an incentive to figure out how to use it, and (c) spends countless hours in front of it.

This was the most powerful force of all. This was what made everyone want computers. Nerds got computers because they liked them. Then gamers got them to play games on. But it was connecting to other people that got everyone else: that’s what made even grandmas and 14 year old girls want computers.

The future of TV is the Internet

From Paul Graham’s “Why TV Lost” (Paul Graham: March 2009):

About twenty years ago people noticed computers and TV were on a collision course and started to speculate about what they’d produce when they converged. We now know the answer: computers. It’s clear now that even by using the word “convergence” we were giving TV too much credit. This won’t be convergence so much as replacement. People may still watch things they call “TV shows,” but they’ll watch them mostly on computers.

Whether [TV networks] like it or not, big changes are coming, because the Internet dissolves the two cornerstones of broadcast media: synchronicity and locality. On the Internet, you don’t have to send everyone the same signal, and you don’t have to send it to them from a local source. People will watch what they want when they want it, and group themselves according to whatever shared interest they feel most strongly. Maybe their strongest shared interest will be their physical location, but I’m guessing not. Which means local TV is probably dead. It was an artifact of limitations imposed by old technology.

Facebook & the Dunbar number

From The Economist’s “Primates on Facebook” (26 February 2009):

Robin Dunbar, an anthropologist who now works at Oxford University, concluded that the cognitive power of the brain limits the size of the social network that an individual of any given species can develop. Extrapolating from the brain sizes and social networks of apes, Dr Dunbar suggested that the size of the human brain allows stable networks of about 148. Rounded to 150, this has become famous as “the Dunbar number”.

Many institutions, from neolithic villages to the maniples of the Roman army, seem to be organised around the Dunbar number. Because everybody knows everybody else, such groups can run with a minimum of bureaucracy. But that does not prove Dr Dunbar’s hypothesis is correct, and other anthropologists, such as Russell Bernard and Peter Killworth, have come up with estimates of almost double the Dunbar number for the upper limit of human groups. Moreover, sociologists also distinguish between a person’s wider network, as described by the Dunbar number or something similar, and his social “core”. Peter Marsden, of Harvard University, found that Americans, even if they socialise a lot, tend to have only a handful of individuals with whom they “can discuss important matters”. A subsequent study found, to widespread concern, that this number is on a downward trend.

The rise of online social networks, with their troves of data, might shed some light on these matters. So The Economist asked Cameron Marlow, the “in-house sociologist” at Facebook, to crunch some numbers. Dr Marlow found that the average number of “friends” in a Facebook network is 120, consistent with Dr Dunbar’s hypothesis, and that women tend to have somewhat more than men. But the range is large, and some people have networks numbering more than 500, so the hypothesis cannot yet be regarded as proven.

What also struck Dr Marlow, however, was that the number of people on an individual’s friend list with whom he (or she) frequently interacts is remarkably small and stable. The more “active” or intimate the interaction, the smaller and more stable the group.

Thus an average man—one with 120 friends—generally responds to the postings of only seven of those friends by leaving comments on the posting individual’s photos, status messages or “wall”. An average woman is slightly more sociable, responding to ten. When it comes to two-way communication such as e-mails or chats, the average man interacts with only four people and the average woman with six. Among those Facebook users with 500 friends, these numbers are somewhat higher, but not hugely so. Men leave comments for 17 friends, women for 26. Men communicate with ten, women with 16.

What mainly goes up, therefore, is not the core network but the number of casual contacts that people track more passively. …

Put differently, people who are members of online social networks are not so much “networking” as they are “broadcasting their lives to an outer tier of acquaintances who aren’t necessarily inside the Dunbar circle,” says Lee Rainie, the director of the Pew Internet & American Life Project, a polling organisation.

What passwords do people use? phpBB examples

From Robert Graham’s “PHPBB Password Analysis” (Dark Reading: 6 February 2009):

A popular Website, phpbb.com, was recently hacked. The hacker published approximately 20,000 user passwords from the site. …

This incident is similar to one two years ago when MySpace was hacked, revealing about 30,000 passwords. …

The striking difference between the two incidents is that the phpbb passwords are simpler. MySpace requires that passwords “must be between 6 and 10 characters, and contain at least 1 number or punctuation character.” Most people satisfied this requirement by simply appending “1” to the ends of their passwords. The phpbb site has no such restrictions — the passwords are shorter and rarely contain anything more than a dictionary word.

It’s hard to judge exactly how many passwords are dictionary words. … I ran the phpbb passwords through various dictionary files and came up with a 65% match (for a simple English dictionary) and 94% (for “hacker” dictionaries). …

16% of passwords matched a person’s first name. This includes people choosing their own first names or those of their spouses or children. The most popular first names were Joshua, Thomas, Michael, and Charlie. But I wonder if there is something else going on. Joshua, for example, was also the password to the computer in “Wargames” …

14% of passwords were patterns on the keyboard, like “1234,” “qwerty,” or “asdf.” There are a lot of different patterns people choose, like “1qaz2wsx” or “1q2w3e.” I spent a while googling “159357,” trying to figure out how to categorize it, then realized it was a pattern on the numeric keypad. …

4% are variations of the word “password,” such as “passw0rd,” “password1,” or “passwd.” I googled “drowssap,” trying to figure out how to categorize it, until I realized it was “password” spelled backward.

5% of passwords are pop-culture references from TV, movies, and music. These tend to be youth culture (“hannah,” “pokemon,” “tigger”) and geeky (“klingon,” “starwars,” “matrix,” “legolas,” “ironman”). … Some notable pop-culture references are chosen not because they are popular, but because they sound like passwords, such as “ou812” (’80s Van Halen album), “blink182” (’90s pop), “rush2112” (’80s album), and “8675309” (’80s pop song).

4% of passwords appear to reference things nearby. The name “samsung” is a popular password, I think because it’s the brand name on the monitor that people are looking at … Similarly, there are a lot of names of home computers like “dell,” “packard,” “apple,” “pavilion,” “presario,” “compaq,” and so on. …

3% of passwords are “emo” words. Swear words, especially the F-word, are common, but so are various forms of love and hate (like “iloveyou” or “ihateyou”).

3% are “don’t care” words. … A lot of password choices reflect this attitude, either implicitly with “abc123” or “blahblah,” or explicitly with “whatever,” “whocares,” or “nothing.”

1.3% are passwords people saw in movies/TV. This is a small category, consisting only of “letmein,” “trustno1,” “joshua,” and “monkey,” but it accounts for a large percentage of passwords.

1% are sports related. …

Here are the top 20 passwords from the phpbb dataset. You’ll find nothing surprising here; all of them are on this Top 500 list.

3.03% “123456”
2.13% “password”
1.45% “phpbb”
0.91% “qwerty”
0.82% “12345”
0.59% “12345678”
0.58% “letmein”
0.53% “1234”
0.50% “test”
0.43% “123”
0.36% “trustno1”
0.33% “dragon”
0.31% “abc123”
0.31% “123456789”
0.31% “111111”
0.30% “hello”
0.30% “monkey”
0.28% “master”
0.22% “killer”
0.22% “123123”

Notice that whereas “myspace1” was one of the most popular passwords in the MySpace dataset, “phpbb” is one of the most popular passwords in the phpbb dataset.

The password length distribution is as follows:

1 character 0.34%
2 characters 0.54%
3 characters 2.92%
4 characters 12.29%
5 characters 13.29%
6 characters 35.16%
7 characters 14.60%
8 characters 15.50%
9 characters 3.81%
10 characters 1.14%
11 characters 0.22%

Note that phpbb has no requirements for password lengths …
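The categories above were assigned by hand, and the quoted text only hints at how (dictionary files, name lists, a moment of googling “drowssap”). As an added example, not Robert Graham’s code or data, the script below automates the same triage over a leaked list: it classifies each password with an ordered set of rules (site name, “password” variants including leet and reversed spellings, keyboard walks detected as runs of adjacent keys on a QWERTY or numeric-keypad grid so that “1qaz2wsx” and “159357” count while “abc123” does not, then the word lists), and produces the category mix, top-N table and length distribution in percent. The word lists are tiny hand-made stand-ins for the real dictionary, first-name and “hacker” lists, and the sample passwords are constructed, not drawn from the phpbb leak.

```python
"""Categorise a leaked password list along the lines of the phpBB analysis
above.  Added example, not Robert Graham's code: the word lists are tiny,
hand-made stand-ins for his dictionary, name and "hacker" lists, and the
sample passwords are constructed, not taken from the leak."""
from collections import Counter

# Constructed word lists (a real run would load full lists from files).
DICTIONARY = {"dragon", "master", "hello", "shadow", "sunshine", "killer", "baseball"}
FIRST_NAMES = {"joshua", "thomas", "michael", "charlie", "hannah", "jessica"}
MOVIE_TV = {"letmein", "trustno1", "monkey"}         # "passwords people saw in movies/TV"
POP_CULTURE = {"pokemon", "tigger", "klingon", "starwars", "matrix", "legolas",
               "ironman", "blink182", "ou812", "rush2112", "8675309"}
NEARBY = {"samsung", "dell", "packard", "apple", "pavilion", "presario", "compaq"}
DONT_CARE = {"abc123", "blahblah", "whatever", "whocares", "nothing", "test"}
SPORTS = {"lakers", "yankees", "soccer", "football", "hockey"}
LEET = str.maketrans("0134$@", "oleasa")             # passw0rd -> password

# Keyboard layouts as grids; a "walk" steps between adjacent keys.
QWERTY = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
NUMPAD = ["789", "456", "123", "0"]                  # catches 159357
_POS = [{ch: (r, c) for r, row in enumerate(layout) for c, ch in enumerate(row)}
        for layout in (QWERTY, NUMPAD)]


def _adjacent(a, b):
    """Same key, or neighbours (including diagonals) on either layout."""
    for pos in _POS:
        if a in pos and b in pos:
            (r1, c1), (r2, c2) = pos[a], pos[b]
            if abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1:
                return True
    return False


def is_keyboard_walk(pw, min_stroke=3, coverage=0.8):
    """True if strokes of >= min_stroke adjacent keys cover most of pw
    (so 1qaz2wsx and 159357 count, abc123 and hello do not)."""
    covered, run = 0, 1
    for a, b in zip(pw, pw[1:]):
        if _adjacent(a, b):
            run += 1
        else:
            covered += run if run >= min_stroke else 0
            run = 1
    covered += run if run >= min_stroke else 0
    return len(pw) >= min_stroke and covered / len(pw) >= coverage


def _base_word(pw):
    """Undo the usual disguises: trailing digits, then leet substitutions."""
    return pw.rstrip("0123456789").translate(LEET)


def classify(pw, site="phpbb"):
    """Assign one category; earlier rules win, which is why 'monkey' is
    filed as a movie/TV password rather than a dictionary word."""
    p = pw.lower()
    base = _base_word(p)
    if p.startswith(site):
        return "site name"
    if any(f.startswith("passw") for f in (p, p[::-1], base)):
        return "password variant"                    # password1, passw0rd, drowssap
    if is_keyboard_walk(p):
        return "keyboard pattern"
    if p in MOVIE_TV:
        return "movie/TV password"
    if base in FIRST_NAMES:
        return "first name"
    if p in POP_CULTURE or base in POP_CULTURE:
        return "pop culture"
    if base in NEARBY:
        return "nearby brand"
    if p in DONT_CARE:                               # before the substring test: "whatever" contains "hate"
        return "don't care"
    if "love" in p or "hate" in p:                   # swear words would go here too
        return "emo word"
    if base in SPORTS:
        return "sports"
    if base in DICTIONARY:
        return "dictionary word"
    return "other"


def summarize(passwords, top_n=5):
    """Category mix, most common passwords and length distribution, in percent."""
    n = len(passwords)
    pct = lambda k: round(100.0 * k / n, 2)
    cats = Counter(classify(p) for p in passwords)
    return {
        "categories": {c: pct(k) for c, k in cats.most_common()},
        "top": [(p, pct(k)) for p, k in Counter(passwords).most_common(top_n)],
        "lengths": {L: pct(k) for L, k in sorted(Counter(map(len, passwords)).items())},
    }


# Constructed sample standing in for a leaked list.
SAMPLE = ["123456", "123456", "123456", "password", "password", "phpbb", "qwerty",
          "12345", "letmein", "trustno1", "dragon", "abc123", "monkey", "master",
          "joshua", "samsung", "iloveyou", "whatever", "passw0rd", "drowssap",
          "159357", "1qaz2wsx", "pokemon", "hello", "lakers"]

if __name__ == "__main__":
    for section, rows in summarize(SAMPLE).items():
        print(section, rows)
```

Two caveats a practitioner would add before trusting the numbers: rule order decides the answer for passwords that fit several categories (Graham himself notes “joshua” is both a first name and the WarGames password), so report the order alongside the percentages; and the substring tests for “love”/“hate” and the site-name prefix are deliberately loose, which is why the don’t-care list is checked first.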

New Zealand’s new copyright law

From Mark Gibbs’ “New Zealand gets insane copyright law” (Network World: 20 February 2009):

A law was recently passed in New Zealand that has created what many consider to be the world’s harshest copyright enforcement law. This insanity, found in Sections 92A and C of New Zealand’s Copyright Amendment Act 2008 establishes – and I am not making this up – a guilt upon accusation principle!

Yep, you read that right. This means that anyone accused of “copyright infringement” will get his Internet connection cut off and be treated as guilty until proven innocent.

And if that weren’t enough, this crazy legislation defines anyone providing Internet access as an ISP and makes them responsible for monitoring and cutting off Internet access for anyone who uses their services and is accused of copyright violations. Thus libraries, schools, coffee shops, cafes – anyone offering any kind of Internet access – will be considered ISPs and become responsible and potentially liable.

A history of the negative associations of yellow

From Allen Abel and Madeleine Czigler’s “Submarines, bananas and taxis” (National Post: 24 June 2008):

Depicted in frescoes and canvases from the early Middle Ages onward in the robes of the betrayer of the Christ, “Judas yellow” devolved into an imprint of depravity, treason and exclusion.

By the 12th century, European Jews were compelled to wear yellow hats, prostitutes were bound by yellow sashes and yellow flags flew above the pus-stained hovels of the Black Death. From this would descend our own yellow of cowardice and insanity, and the yellow badges of the star-crossed Jüden of the Third Reich.

The cochineal insect’s gift of red

From Allen Abel and Madeleine Czigler’s “Scandal, communism, blood” (National Post: 27 June 2008):

The blood-red allure of lipstick is a gift of a parasitic insect that infests cactus plants, principally in Mexico and Peru. It has been known since Aztec and Mayan times that, when boiled, the body of the cochineal insect dissolves into a deep crimson dye. France is the leading importer. Cochineal dye, which is neither Kosher nor Halal (since it is forbidden for Jews or Muslims to consume any insect) also is used in thousands of foods and beverages, ranging from sausages and gelatin desserts to some Cheddar cheese.
