You Don’t Have a Cell Phone?
- 1998: Solidarity (“Yeah, me neither—I hate those things!”)
- 1999: Envy (“Lucky you; I had to get one for work.”)
- 2000: Indifference (“Okay, what’s your home phone number then?”)
- 2001: Encouragement (“You should get one—you can play Tetris on them now!”)
- 2002: Confusion (“I thought you were, like, a tech guy.”)
- 2003: Sympathy (“They’re getting pretty cheap. You’ll be able to afford one soon.”)
- 2004: Irritation (“So how am I supposed to get a hold of you?”)
- 2005: Derision (“If we go out tonight I’ll send you a fax.”)
- 2006: Skepticism (“Are you serious?”)
- 2007: Awe (“Wow, you’re like the last one.”)
- 2008: Incomprehension (“You don’t … how …?”)
…as someone who got into the cell-phone game probably around 2005-2006, I might have held out until 2007 if I had known that awe was the next reaction in line. It’s like the twelve steps of luddite-is.
20:38 CST
Worst security questions ever (seriously)
My bank implemented new security questions last night. Here are the questions in their unedited glory (notations in brackets are for part two of the game).
- [A] What is the name of the high school you attended?
- [B] What is the name of the first company you worked for?
- [C] What is the name of the first street you lived on as a child?
- [D] What is the first name of your paternal grandmother (father’s mother)?
- [E] What was your favorite place to visit as a child? (Park, vacation city, etc.)
- [F] What is the first name of your spouse’s mother?
- [G] In what city did you attend high school?
- [H] What year did you graduate from elementary/grade school? (YYYY)
- [I] What is your best friend’s first name?
- [J] What is the profession of your maternal grandfather (mother’s father)?
- [K] What is your mother’s birthday? (MMDD)
- [L] What is your favorite city other than where you live now?
- [M] What is your first child’s middle name?
- [N] What is the first name of your best friend from college?
- [O] What year did you get your first job? (YYYY)
- [P] What is name of the hospital in which you were born?
- [Q] What is your oldest sibling’s birthday? (MMDD)
- [R] In what city was your father born?
- [S] What is the last name of your favorite historical figure?
- [T] What year were you married? (YYYY)
If you’re playing along at home, how many of these questions (of the 21) are “good”? Blah blah blah, determined adversary, but COME ON! This is ridiculous. Schneier is getting an email about this one and maybe he can put a boot to their security officer’s coffee cup and wake him/her up.
Now, for the analysis.
| Exposure | Questions |
|---|---|
| Vulnerable to public records (first degree) | A, C, G, H, P, T |
| Vulnerable to public records (second degree) | F, J, K, M, Q, R |
| Vulnerable to close friends | A, C, G, I, N, T |
| Vulnerable to resume | A, B, G, H, O |
| Vulnerable to guessing* | H, I, N, L, S |
| Not particularly vulnerable | E, L, S |
*Vulnerable to Guessing
[H] What year did you graduate from elementary/grade school? (YYYY)
Given a person’s age (mostly public record), elementary graduation is easy to deduce within a year or two.
[I] What is your best friend’s first name?
[N] What is the first name of your best friend from college?
The top 10 most common male names have a whopping 25% chance of hitting a match.
[L] What is your favorite city other than where you live now?
Paris. New York. San Francisco. Los Angeles. Miami. Add in a few others and that’s got to be at least 25% assuming you have no other data (i.e. travel records, vacation photos on the web, etc.).
[S] What is the last name of your favorite historical figure?
Census data on last names gives a 5% chance of hitting within the top 10. But come on. Washington, Lincoln, Franklin, Jefferson (people on money). Throw in a few living presidents and/or dead celebrities and you should be able to improve that percentage as well.
Now in my bank’s defense, some of these negatives could be considered positives. Relying on publicly provable information for a variety of these things means that a person can’t really forget (for example) “In what city was your father born?” And many of the questions don’t have a clear answer, but instead carry an easy, probable 5-20% chance of being guessed correctly per guess.
This wouldn’t be such a problem if there weren’t so few non-public questions, and if they didn’t introduce an entirely new class of vulnerability to security questions by allowing “resume attacks”.
A resume generally has dates and locations. Depending on how old you are, your resume tells where you went to high school, when you graduated, what your first job was, approximately how old you might be. Really quite terrible from the perspective of keeping on top of the security questions.
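To audit a question pool the same way, the table above can be treated as data. The following is an added example, not part of the original post; the function names are made up for illustration, and the pool is assumed to be the lettered questions A through T.

```python
import string

# Exposure classes and question letters exactly as listed in the analysis above.
EXPOSURE = {
    "public records (first degree)": "ACGHPT",
    "public records (second degree)": "FJKMQR",
    "close friends": "ACGINT",
    "resume": "ABGHO",
    "guessing": "HINLS",
}
POOL = string.ascii_uppercase[:20]  # assumption: the lettered questions A..T


def answerable(channels):
    """Questions exposed to someone who has access to these channels."""
    hit = set()
    for name in channels:
        hit |= set(EXPOSURE[name])
    return sorted(hit)


def only_via(channel):
    """Questions exposed by this channel and by no other listed channel."""
    others = set(answerable(c for c in EXPOSURE if c != channel))
    return sorted(set(EXPOSURE[channel]) - others)


def channels_per_question():
    """How many listed channels expose each question in the pool."""
    return {q: sum(q in letters for letters in EXPOSURE.values()) for q in POOL}


def survivors():
    """Questions that no listed channel exposes."""
    return sorted(set(POOL) - set(answerable(EXPOSURE)))


if __name__ == "__main__":
    print("resume alone:", answerable(["resume"]))
    print("new with resume:", only_via("resume"))
    print("resume + first-degree records:",
          len(answerable(["resume", "public records (first degree)"])), "of", len(POOL))
    counts = channels_per_question()
    print("most exposed:", [q for q in POOL if counts[q] == max(counts.values())])
    print("exposed to nothing listed:", survivors())
```
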
Something interesting about resumes is that they are a double-edged sword. On one hand you want the widest distribution possible (self-promotion / advertising). On the other hand, you have to disclose a fair amount of information in order to permit people to contact you. My resume has been online for at least as long as this blog, and I’ve always run it as a similar thing to my traditional resume (includes address, phone number, email). Maybe it’s time now to put in “contact me at http://www.robertames.com/contact” and slap up a form.
10:05 CST
Fighting Mojibake at Home
At work, we’re pretty serious about internationalization. Plus I’d recently read a good book that included the topic and some posts on the interwebs. There’s a term that was unfamiliar to me (mojibake), but it immediately made sense that there should be a word to describe the phenomenon.
Mojibake is basically what happens when you have character encodings declared one way but actually encoded in a different way. Either read my del.icio.us links or make do with the metaphor that it’s like writing something using the Caesar Cipher but declaring that it’s ROT-13 (only it’s only noticeable when you use é’s and stuff). Have you ever seen boxes or question marks on the internet? That’s mojibake.
The good news is that if you’re a developer, you can fight it. Read the articles I’ve bookmarked on I18N and continuing with the example above: strings are never strings anymore, unless you know their encoding.
(note: this text is encoded using rot-13)
GUVF VF EBG GUVEGRRA
(note: this text is encoded using the caesar cipher)
WKLV LV FDHVDU FLSKHU
Every piece of text that you own, store, process, export, send over a network, render in a webpage, read from a database, write to a filesystem, enter into a textbox, put into an email, etc, etc, etc. YOU MUST DECLARE THE ENCODING. That’s one aspect of I18N in a nutshell. And it’s also the simplest answer to fighting mojibake.
If I just gave you those jumbles of letters above without the encoding, they’d be effectively meaningless. Unless your primary text is seriously non-roman (and probably even if it is), UTF-8 should be your default encoding. Most programming languages are leaning towards using UTF-8 encoded strings as their default string types, so that is currently the path of least resistance.
The title of this post is “Fighting Mojibake at Home”, and the inspiration for this post was a stupid link I’d bookmarked: NOTES ON AN ?INSURGENCE OF QUALITY? (question marks for posterity). It was showing up on my syndication sidebar (oooh, web2.0gasm) with stupid question marks and at my current pace of bookmarking, it’d be there taunting me for at least a month. This led me to take the fairly simple corrective actions of:
- Set Content-Type headers to include “text/html; charset=utf-8”
- Add <meta> tag for UTF-8 (in case you save my HTML to disk)
- Change Magpie-RSS to output UTF-8 instead of ISO-8859-1
- Add “:set encoding=utf-8” to my .vimrc
This was in addition to poking around in the Blosxom source to make sure there was no obviously wrong string manipulation going on (none that I saw straight away). If you’re serious about development, see if your code passes the Turkey test, a completely awesome checklist of how your software (right now) will break in Turkey.
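The two failure modes behind those corrective actions, as an added example that is not code from this blog or from Magpie-RSS. The title is a constructed sample with curly quotes, the helper names are hypothetical, and it is an assumption that the sidebar's question marks came from forcing such characters into ISO-8859-1.

```python
# Constructed sample: a feed title with curly quotes, like the bookmarked link above.
TITLE = "NOTES ON AN \u201cINSURGENCE OF QUALITY\u201d"


def serve(text, actual, declared):
    """Encode `text` as `actual`, then decode it the way a client trusting
    the `declared` charset would."""
    raw = text.encode(actual, errors="replace")  # unrepresentable chars become b"?"
    return raw.decode(declared, errors="replace")


def matches_declaration(raw, content_type):
    """True if `raw` decodes strictly under the charset named in a Content-Type
    value such as 'text/html; charset=utf-8'."""
    charset = content_type.partition("charset=")[2].strip(' "')
    charset = charset or "iso-8859-1"  # assumed fallback when no charset is given
    try:
        raw.decode(charset)
        return True
    except UnicodeDecodeError:
        return False


def repair(text, wrong="iso-8859-1", right="utf-8"):
    """Undo one round of 'UTF-8 bytes decoded as ISO-8859-1'.
    Text that is not such mojibake is returned unchanged."""
    try:
        return text.encode(wrong).decode(right)
    except (UnicodeEncodeError, UnicodeDecodeError):
        return text


if __name__ == "__main__":
    lossy = serve(TITLE, "iso-8859-1", "iso-8859-1")  # curly quotes replaced by "?"
    garbled = serve(TITLE, "utf-8", "iso-8859-1")     # misdeclared, but reversible
    print(lossy)
    print(repr(garbled))
    print("repaired garbled:", repair(garbled) == TITLE)
    print("repaired lossy:", repair(lossy) == TITLE)
    latin1_bytes = "caf\u00e9".encode("iso-8859-1")
    print("declaration honest:",
          matches_declaration(latin1_bytes, "text/html; charset=utf-8"))
```

A misdeclared encoding can be undone because the original bytes survive; a lossy conversion to "?" cannot, which is why the output encoding had to change at the source.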
23:46 CST
Beers Worth Your Consideration
After trying a whole bunch of beers, I have managed to stumble upon quite a few favorites.
First I have to mention Shiner Bock. We are truly blessed to have Shiner as our local beer. I’ve really liked Shiner ‘98 (may it rest in peace), and after reading the Wikipedia article, I’d like to try their Hefeweizen and Shiner Light (just to see if it really is approved by the town of Shiner).
Next we have one you can probably find near you (assuming you don’t live in Texas … oh wait, if you’re reading mah blog, you probably do live in Texas). Anyway, Blue Moon. Made by Coors (but don’t let that fool you), it’s a wheat beer, kind of cloudy, usually served with a slice of orange. Very tasty and smooth, with a hint of citrus and spice.
Two more wheat beers, Franziskaner and Leinenkugel’s Sunset Wheat … Franziskaner is a German beer, pretty difficult to find, but Leinenkugel is generally available bottled (very rarely on tap) and is awesome. Of course it’s a wheat beer, so if you don’t like wheats you’re out of luck, but it is again very smooth, and not as citrus-y as the others.
That brings us to Pyramid Hefeweizen. Pyramid is another great beer. Reading up on Wikipedia, it looks like hefe means “yeast”, where I guess the beer is self-carbonated in the bottle with yeast. Yum.
I would have almost forgotten St. Arnold’s Fancy Lawnmower, a beer that I first tried at the Ginger Man pub near downtown Dallas, probably the first craft brew that I tried and liked, the one that started me down the path of trying new / weird beers. Again, a bit citrus-y and from what I remembered is served with lemon. Looks like they have brewery tours on Saturdays and are from Houston, so I’ll have to stop in and try it some time.
01:28 CST