Friday, 29 August 2014

09:19 – As usual this time of year, we’re run ragged trying to ship science kits and build more. We got orders for 17 kits overnight and so far this morning, which wouldn’t be a problem except that we’re running out of stock on some of the kits. So I’ll get the kits shipped that we do have in stock, and then go build more of what we’ve run out of.

It’s funny. I remember the day we sold our very first kit. At that point kit #100 seemed very far away. Then we sold kit #100, and kit #1,000 seemed very far away. Then we sold kit #1,000, and kit #10,000 seemed impossibly far away. But it’s probably not as far in the future as it seemed at the time, particularly once we get our classroom kits available. When that happens, instead of a good month being 100 kit sales, it’ll be 1,000 kit sales. And at that point, we’ll need a lot more space and some employees. I’m still of two minds about that.


15:06 – Wow. Talk about advice so bad it’s scary: Why Your Passwords Should be at Least 24 Characters Long

And this comes from a supposed computer security expert. I have no problem with suggesting a 24-byte password. The issue is the kind of 24-byte password the author recommends. Here’s an example: HarleyDavidsonStarbucks!!!

That’s exactly three dictionary words and three bangs. Better than a six-byte password, but it needs to be a lot better than it is. Crackers use dictionaries, too, and a supercomputer is just as capable of concatenating dictionary words as it is of working byte by byte. As a matter of fact, there are special dictionaries for crackers.

I would suggest a 24-byte password, but using purely random characters generated by a hardware random-number generator (i.e., dice or coins). So you end up with a password that is 24 bytes of random gibberish. Everyone seems concerned that such passwords are impossible to remember. So what? Write them down and let Firefox store them. Sure, doing that creates a gaping security hole, but again so what? If someone has physical access to your premises and your computer, you’re screwed anyway. What you should be worrying about is someone gaining electronic access to the hashed versions of your passwords, either on your own machines or on, say, Target’s corporate servers. If the plaintext of your passwords is 24 random characters, they can crack away to their heart’s content and not gain access to the plaintext for many decades. Unless, of course, someone figures out (or has already figured out) how to quickly factor the products of large prime numbers. If that happens/has happened, all bets are off.
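To put numbers on the argument above, here is an added example (not from the original post) that compares the guess-space of a "three dictionary words plus three bangs" password with that of 24 uniformly random printable characters, and shows how to turn physical dice rolls into such a password without bias. The wordlist size (100,000 words) and the guess rate (10^10 guesses per second) are constructed assumptions for illustration; `secrets` stands in for the dice when no dice are at hand.

```python
import math
import secrets
import string

# Alphabet of 94 printable ASCII characters (letters, digits, punctuation).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed assumption: size of the wordlist a cracker would try.
ASSUMED_WORDLIST_SIZE = 100_000


def entropy_bits_wordlist(num_words, wordlist_size=ASSUMED_WORDLIST_SIZE,
                          suffix_choices=1):
    """Bits of entropy in a password built from num_words dictionary words plus
    a suffix drawn from suffix_choices options, assuming the cracker knows the
    pattern and has the wordlist. Character length does not enter into it."""
    return num_words * math.log2(wordlist_size) + math.log2(suffix_choices)


def entropy_bits_random(length, alphabet_size=len(PRINTABLE)):
    """Bits of entropy in `length` characters chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Wall-clock years needed to try every candidate at the given guess rate."""
    seconds = (2.0 ** bits) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def random_password(length=24, alphabet=PRINTABLE):
    """Random printable characters from the OS CSPRNG, the software stand-in
    for the dice or coins the post recommends."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def password_from_dice(rolls, length=24, alphabet=PRINTABLE):
    """Map physical d6 rolls (values 1..6) onto the alphabet without bias.

    Three rolls give 216 equally likely outcomes; only the first 188 (two
    full copies of the 94-symbol alphabet) are used and the rest are thrown
    away and re-rolled, so every symbol is exactly equally likely."""
    usable = (216 // len(alphabet)) * len(alphabet)
    rolls = iter(rolls)
    chars = []
    while len(chars) < length:
        try:
            a, b, c = next(rolls), next(rolls), next(rolls)
        except StopIteration:
            raise ValueError("ran out of dice rolls")
        if not all(1 <= r <= 6 for r in (a, b, c)):
            raise ValueError("dice rolls must be in 1..6")
        value = (a - 1) * 36 + (b - 1) * 6 + (c - 1)   # 0..215
        if value >= usable:
            continue                                 # reject, roll again
        chars.append(alphabet[value % len(alphabet)])
    return "".join(chars)


if __name__ == "__main__":
    weak = entropy_bits_wordlist(3, suffix_choices=1)   # three words + "!!!"
    strong = entropy_bits_random(24)
    rate = 1e10   # assumed guesses per second for a fast offline attack
    print(f"3 dictionary words + fixed suffix: {weak:.1f} bits, "
          f"{years_to_exhaust(weak, rate):.5f} years to exhaust")
    print(f"24 random printable characters:    {strong:.1f} bits, "
          f"{years_to_exhaust(strong, rate):.2e} years to exhaust")
    print("example (CSPRNG):", random_password())
```

The point the numbers make is the one in the text: the word-based password is only about 50 bits under these assumptions, because the attacker's unit of work is a whole word, not a byte; 24 random printable characters are about 157 bits, and the ratio between the two exhaustion times is around 2^107, so the "decades" estimate is, if anything, conservative.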

This entry was posted in computing, science kits.

24 Responses to Friday, 29 August 2014

  1. ayjblog says:

    I told you so, two? years ago

    cheers

  2. Robert Bruce Thompson says:

    Well, I’m still determined to avoid hiring any employees. When Barbara decides to retire from the law firm and spend more time working for our business that’ll ease things up a lot. Beyond that, I don’t know.

    I’ve actually thought about finding a hard-working 20-something kid with a science background and an interest in the business and adopting him or her. The Romans did that 2,000 years ago, and it generally worked out well for them. Or, more realistically, I may find that kid and bring him or her into the business with the intent of that person inheriting the business after Barbara and I are gone.

  3. Jim Cooley says:

    A smart, motivated kid is a great idea and enjoyable, too (esp. if you like teaching), but get a non-compete agreement. I learned that the hard way.

  4. Dave B. says:

    Well, I’m still determined to avoid hiring any employees. When Barbara decides to retire from the law firm and spend more time working for our business that’ll ease things up a lot. Beyond that, I don’t know.

    I’ve actually thought about finding a hard-working 20-something kid with a science background and an interest in the business and adopting him or her. The Romans did that 2,000 years ago, and it generally worked out well for them. Or, more realistically, I may find that kid and bring him or her into the business with the intent of that person inheriting the business after Barbara and I are gone.

    When you break down and decide to hire, might I suggest you hire one or more college students for the summer to help you build inventory? That way you have a way to get acclimated to the idea of having employees and three months later they’re gone. You’ll wind up with a lot of kits in inventory and ready to go, and a better idea what it’s like to have employees.

  5. Lynn McGuire says:

    Non compete and explicit ownership of Intellectual Property agreement. The agreement needs to say “work for hire” in it. We have also learned this the hard way.

  6. MrAtoz says:

    Non compete and explicit ownership of Intellectual Property agreement. The agreement needs to say “work for hire” in it. We have also learned this the hard way.

    Ditto Mr. Bob.

  7. ayjblog says:

    copyright? It seems that the success is knowledge of the market, and, everything is CC, maybe I am wrong
    I foresee in 2016 moving labeling to China or whatever, due volume perhaps, not filling, yet….
    And Romans in the golden era (Trajano et altri) also hand-picked the heirs

    Improving my English, sounds good

  8. Don Armstrong says:

    Well, Bob, sounds like you may just have to consider moving to Boone soone.

    You are going to need roome to moove. You could get a big erection approved up there in the mountains, cement floor, big long benches and shelves, bulk plumbing, wide aisles, and start putting together assemblies and sub-assemblies arrayed in ranks and files. I seem to remember that there was a lot of commonality between the kits for chemistry and biology, and to an extent forensics as well. That ought to mean you could go part of the way towards building kits which could then be swung in any direction to fit orders and shipping requests as required.

    Now, if you could arrange things, you might be able to set them up with scholarships, even distance-learning subjects at Appalachian State U, pre-paid for the people working your business. Maybe even accommodation within the business in little dorms or bunk-houses or studio apartments, which make them on-site watchmen and fire-wardens. All tax-deductible and counted as charitable donations because you’re providing academic scholarships, with some minimal financial cost to cover academic fees, and texts which are bought once at discount and re-used every semester.

    Some suitable subjects might be math and science, science education (propaganda for home-schooling), health and human services (biology, nursing), criminal justice (forensics), entrepreneurship and management, basic skills development.

    Of course, you could strongly encourage self-defence training, unarmed and armed. That could get them their PE credits if they must, while training your business wardens and the future cops.

    Of course, I have little idea how much of this would be legally and financially feasible for you and Barbara to do, but it sounds like at least some of it might be achievable at negative nett cost, and while adding value to your lives. The initial fixed cost of provision of property, buildings and utilities could be covered in the costs of establishing scholarships. Of course, some part of the fixed and variable costs must be charged to you personally, but NOT ALL NEED BE.

    And there’s always the fact that you should be able to attract grants for business establishment and providing new jobs in the area.

    Don’t forget that your authorship of many IT books (as well as science and astronomy), and achievements in defence subjects (black belts, maybe marksmanship) can be used to add weight to your applications and presentations.

  9. Chad says:

    Was surfing the web today and managed to find my way to this Wikipedia article. This is one scary tree!

    http://en.wikipedia.org/wiki/Manchineel

  10. OFD says:

    “concatenating”

    I first saw that word thirty years ago while reading through DEC VAX/VMS manuals, when they still put documentation in big-ass three-ring orange binders. In relation to files in DCL.

    “You could get a big erection approved up there in the mountains…”

    Oh hell yeah, Daisy Mae will be all over Dr. Bob!

  11. ech says:

    Non compete and explicit ownership of Intellectual Property agreement.

    Check state law about non-competes. In Texas, you have to give the employee compensation for the non-compete, called out in the contract. A local radio personality broke his non-compete because they didn’t have compensation for it in his contract. Also, non-competes have to be “reasonable”, i.e. you can’t prohibit a salesperson from going into another sales job, but you can prevent him from selling similar goods to your current customers.

    You might be able to get some of the piecework, like bottle labeling, done by a local sheltered workshop for the mentally and physically handicapped. My brother-in-law works in one doing tasks like putting bandanna sets into bags, etc. He worked for a while at a factory putting together hinge and screw sets.

  12. Rod Schaffter says:

    Hi Bob,

    I use Steve Gibson’s Perfect Password Generator (scroll down). For extra security, one can take snippets of several…

    https://www.grc.com/default.htm

    As far as extra help, my Father in Law was a roofing contractor, and he hired all of his workers through a temp agency, even though they weren’t temporary. Higher cost, but much less hassle and paperwork…

  13. Miles_Teg says:

    He’s still flogging SpinRite 6 for XP?

    Geez.

  14. Lynn McGuire says:

    He’s still flogging SpinRite 6 for XP?

    All those XP hard drives are failing in great numbers now. Probably selling a lot of licenses.

  15. Miles_Teg says:

    SpinRite is basically as useful as tits on a bull.

  16. OFD says:

    At my place of enslavement, wage slave, that is, we have three or four XP boxes floating around somewhere and they will be replaced as soon as I find them and take them outta commission. Depending on their use, probably just Windows 7. I’ll be visiting the desktop issues with the next IT meeting I have with the Powers; so far I’m seeing a hodge-podge of apps and crap on the machines and they probably don’t care but the accounting mangler told me she thinks she has malware ads on hers now, ’cause she uses IE and downloaded some program last week that let her print out IRS forms or something. Sure, let’s have the accounting mangler screw up her machine, which is on the net, and connected to things like…Payroll…?

    I’d forgotten what a never-ending battle it is dealing with luser desktops and laptops in the wunnerful world of Windoze. Damn. I guess I was spoiled with the RHEL clusters and zero contact with lusers. Other than developers or engineers working remotely who all did their thing in Linux anyway.

    No sign or call yet from the Rolling Fempod, now two hours past what it should have taken them to get back if they left at 8. Standard.

  17. Robert Bruce Thompson says:

    It has nothing to do with XP. SpinRite has been only a surface-tester since IDE/ATA drives were introduced. Earlier MFM/RLL drives could be low-level formatted. IDE/ATA drives cannot be low-level formatted other than at the factory.

  18. Lynn McGuire says:

    We have four XP boxes left with two of them running. I will be converting one of the dead ones to Windows 7 x64 in a week or two for our source code server as the 1 TB drive is just about full. Think of a closet that so much stuff is shoved into it that things fall out when you open the door. Gonna expand that closet by a factor of four.

    I have bought a new Intel quad-core CPU, 16 GB of RAM, a WD Caviar Black 4 TB drive and a Gigabyte Z77 UD5H motherboard for it. It will take us a long time to fill up this closet. Probably overkill on the motherboard and CPU but I love those Gigabyte UD5H motherboards. And the CPU was only $189.
    http://www.amazon.com/Intel-Core-i5-3470-Quad-Core-Processor/dp/B0087EVHVW/

  19. Ray Thompson says:

    I used Spinrite on several MFM/RLL drives and it did an excellent job. I have used it on IDE drives and all it does is surface test and relocate sectors if there is a problem. The test is fairly extensive, more than any other test I have encountered.

    I use LastPass for all my passwords. It can generate passwords but also has the ability to store those passwords so I don’t have to remember the passwords. If you pay a $1.00 a month it will also work on mobile devices. Seems to be a good product.

    When I went overseas last year I tried to access my password list while online. Nope. Lastpass will not allow access from foreign nations unless you provide some credentials beyond just the master password.

  20. Miles_Teg says:

    Yeah, SpinRite isn’t tied to the OS but I remember that there’s not much point in using it on today’s drives. There was also a great Usenet post deflating Steve’s claims.

    The thing that annoyed me is that about 10 years ago I bought SpinRite 6 on the basis that documentation was “coming soon”, in the meantime, why not use our old doco?

    The updated doco never came and I was mightily cheezed off.

    I think there’s a good case for never fixing sectors the drive firmware has declared bad.

  21. Ray Thompson says:

    I think there’s a good case for never fixing sectors the drive firmware has declared bad.

    Indeed. It seems from my recent experience that W7 will report that a drive is going bad as the OS gets information from the drive that reports the drive’s health. Drives are cheap enough now that I am not going to spend the time trying to recover a failing drive. The information gets moved off and the drive replaced.

  22. Lynn McGuire says:

    When some of that magic pixie dust is moving around inside the drive, I do not want it anymore. Besides that, five years is a long time for those high speed rotating components.

  23. brad says:

    I was on GRC.com just a couple of days ago, because he has a couple of handy things on it – in my case, I wanted a quick port test. Looks to me like he’s just left the website unchanged for the past 10 years or so. Presumably, he’s probably off doing something else completely different.

    From what I could tell, Steve’s a bit of a fanatic. He used to have good points on security, but seems not to have kept up with modern times and complexities. On programming, everything he has, he wrote in assembly code. Now, hand-crafted assembly code can be a thing of beauty, but writing his own graphical UI code in assembly? That just hurts.

  24. Miles_Teg says:

    Years ago some 14 year old kid got annoyed with Steve and launched a DDoS attack on him. As that was interfering with his business he researched the IRC protocols involved and got in to a channel the hackers were using and made contact with them, asking them to help call off the script kiddie involved, and made it sound like he’d accomplished some really great piece of hacking.

    I mentioned this to a friend who was a Windows sysadmin; he said what Steve had done was nothing special and that he, a high school dropout, could easily have done it.

    He also likes to big note his assembly language skills, and how he can write much more compact code that way. I like assembler, but am not obsessed with it. It’s just more work to write and test it when it isn’t necessary.
