mike ward

Archive for February, 2009

cap love:it

Posted in capistrano on February 25th, 2009

Gotta love capistrano. The more I use it the more I appreciate it. I use it for old PHP sites, running and downloading database backups, whatever. Here’s an example from my up-and-coming pizza.pro site.

Notice the beauty and power of the run and system commands: run executes on the remote server and system on your local machine, so between them you can do pretty much anything you want on either side. Sweet!

Another thing I did was to make svn.cap and git.cap files and make aliases in my local .profile like:

alias svn-remote="cap -f config/svn.cap"
alias git-remote="cap -f config/git.cap"

That way I can easily issue commands targeted at the remote server for those cases where the site itself is the originator of new content. Any site that generates content on the server really should have that content committed from that server!

100k and still running

Posted in web apps on February 25th, 2009

100,000+ and still running trouble-free

I wasn’t sure I’d have a car last this long, but my 1997 Saturn has now gone over the 100k mark. It’s looking old, but never has any problems. That and the fact that it gets pretty good gas mileage (manual transmission) means it’s a very cheap car to operate. So sexy new cars be damned, I plan to keep driving this around for a while.

Please note that I’m not claiming this is the greatest car or anything. I have one other car, a 2004 Volvo S60, and it is so much more comfortable and nicer to drive on any trip of length. But the cost of ownership will be much higher by the time it reaches 100,000 miles, if I keep it that long.

Website builders would do well to keep this in mind too. Build your sites to last. That’s not to say don’t use the hot new stuff, just go to great lengths to strictly adhere to web standards. Functional websites usually persist longer than people expect them to. I’m referring to intranet tools, web-based applications, functional public websites, etc.

first non-ASCII TLD approved!

Posted in ccTLD, Internet governance, ICANN on February 19th, 2009

Russia gets ICANN approval for .РФ Zone - this is real progress!

http://www.kommersant.com/p1052592/r_529/Domain_registration_.РФ/

Russia will become the first nation with a non-Latin domain. ICANN, the corporation that manages domain distribution on the Internet, accepted the registration application for the Cyrillic domain yesterday. Registration of websites in Russia will begin in early July, and roughly 350,000 sites will probably emerge within two years.

using email addresses like a pro

Posted in blogs on February 17th, 2009

What’s the common strategy here that most folks use? One main email address for personal use, one for business, and one that’s used to signup for various web services.

That’s not a terrible strategy at all, but it’s not the best either. Your throwaway address really must be just that, because people are free to abuse it: you cannot know who was responsible, and you cannot shut it down, because you depend on that address for so many sites.

Better solution? Register another domain; get the .net version of the main domain you usually use. I say use a new domain because then you can use it only for email aliases. Create a new alias for EVERY website and service you sign up for. Use the name of the site or service, like amazon@yourdomainname.net or foomagazine.com@yourdomain.net. You’ll find that fewer folks will send you spam, because you know where it came from! Even if years pass and one of those aliases starts getting spam, you can simply delete that address. Problem solved!

passwords like a pro - part 2

Posted in blogs on February 15th, 2009

OK, it’s a little disappointing that nobody criticized this as being too easy to crack. Someone is supposed to come along and give me the opportunity to follow up by showing how simple it is to tweak this to get really, really solid passwords. I think the argument goes like this: basing passwords on the domain names of the sites means there are predictable patterns.

Well, yes and no is my answer. Suppose you used the letters following or preceding the real letters, like b instead of a, etc.? How about using hexadecimal digits for the first 16 alphabet characters? How about starting with pig latin? And so on and so forth. There are as many variants on these example steps as there are thinking people.

Be a password pro! Basing passwords on domain names with extension ensures a unique password for each site.

how to use passwords like a pro

Posted in security on February 6th, 2009

This topic is important and people need to hear the lecture at least once a year. So here goes. Take a little time to improve your personal password strategy; there are easy ways to be safe and secure. Anyone using a single password for everything they do online should make this a top priority; you have a problem that needs to be fixed ASAP. I’ll show one strategy for doing so here.

Why should you care? In case you haven’t realized yet, there are sites built every day where the authors irresponsibly choose to store user passwords in their database as plaintext. There is no excuse for this, yet it continues to be commonplace despite easy-to-use encryption libraries and OpenID. If you want to combat this practice, simply refuse to use any site which allows you to have your password emailed to you, because of course the only way they can do this is if it is stored in readable form on their system. Odds are some of these same sites are not too careful about adhering to other security best practices, like sanitizing form input data before using it. So they’re likely an easy target for an attacker and have an unencrypted booty waiting to reward anyone who finds a way in.

I never recommend this strategy, but I know people who use it: one password for everyday use when signing up for sites (like becoming a user of this site to post a comment), another password for important sites (their hosting control panel, the admin area of their website, etc.), and a third password for critical use like bank and brokerage accounts. Using the same password for many sites means that if someone gets your password they can do damage in many places. Does it sound smart to have your whole financial stake in life depending on a single password?

An algorithm is a step-by-step method for accomplishing something. Learn to use one for your personal passwords. The important thing is to choose something that you can do in your head, so you don’t need to write down passwords. I think you want a three-step process, four at most, to keep it easy. I also recommend basing it on info specific to the website in question, using both the domain and the extension, so foo.com and foo.org get distinct passwords. Here’s a simple example.

1. split the string as follows:
- if 2 words, split the words
- if more than 2 words, use only the last 2 words and split on the word boundary
- if only one word, acronym, etc., then split after the 3rd character
- if the string is < 4 chars, use it twice or use the extension (foo.com => "foofoo")
- then insert an arbitrary character (like a dollar sign, a period, the number 3, etc.) between the two tokens
- this might always be the same, or can be based on the extension or type of site
- ex: "foobar.com" => "foo$bar"

2. reverse the characters in the domain w/out extension ("foo$bar" => "rab$oof")

3. replace the first vowel with a number
- a common strategy for doing this would be a=4, e=3, i=1, o=0
- map u to whatever you like {u, v, uu, blank space, whatever}

4. do something crazy, like append the letter Q onto the string
- or change the last character to something instead of appending

Using this algorithm, your password for the site foobar.com would be:

foobar => foo$bar => rab$oof => r4b$oof => r4b$oofQ

Try changing the details so it makes sense to you. Change the order of the steps. Add your own unique twist. It’s pretty easy to create passwords unique to each site that you can always figure out and never need to write down. Just pick a strategy and stick to it.

OK if you’re really into this, here’s the punch line. Create a 5-step algorithm that seems easy to remember. Then make yourself a couple of variants by removing one and then two of the steps. Now you have three (similar) algorithms. Use the hardest one for your online banking and such. Use the middle one for your ssh / control panel / FTP passwords, and use the easy one for other websites.
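The four steps above and the three-tier variant in the closing paragraph, as an added example that is not the post's own code. It assumes word boundaries are hyphens and underscores (an unbroken label splits after its third character, which is what yields foo$bar), maps u to v, and picks the separator by extension from constructed values so that foo.com and foo.org differ; the "predictable patterns" point from part 2 is visible here too, since every output is a fixed function of the public domain name alone.

```python
import re

# Vowel substitutions from the post; mapping 'u' to 'v' is an assumed choice.
VOWEL_MAP = {"a": "4", "e": "3", "i": "1", "o": "0", "u": "v"}
# Separator picked by extension (constructed values) so foo.com and foo.org differ.
SEPARATOR_BY_TLD = {"com": "$", "org": ".", "net": "3"}

def split_name(domain: str) -> str:
    """Step 1: split the first label into two tokens joined by a separator."""
    labels = domain.lower().strip().split(".")
    name, tld = labels[0], ".".join(labels[1:])
    if len(name) < 4:                      # short names are doubled: foo -> foofoo
        name = name * 2
    words = [w for w in re.split(r"[-_]", name) if w]   # assumed word boundaries
    if len(words) >= 2:                    # more than two words: keep the last two
        left, right = words[-2], words[-1]
    else:                                  # one word or acronym: split after 3rd char
        left, right = name[:3], name[3:]
    return left + SEPARATOR_BY_TLD.get(tld, "$") + right

def reverse_tokens(s: str) -> str:
    """Step 2: reverse the whole string, separator included (foo$bar -> rab$oof)."""
    return s[::-1]

def number_first_vowel(s: str) -> str:
    """Step 3: replace only the first vowel (a=4, e=3, i=1, o=0, u=v)."""
    for i, ch in enumerate(s):
        if ch in VOWEL_MAP:
            return s[:i] + VOWEL_MAP[ch] + s[i + 1:]
    return s                               # no vowel at all: left unchanged

def append_twist(s: str, twist: str = "Q") -> str:
    """Step 4: the 'something crazy' step, here a fixed trailing letter."""
    return s + twist

FULL = (split_name, reverse_tokens, number_first_vowel, append_twist)
# Three tiers from the closing paragraph: drop one, then two, steps from the hardest.
TIERS = {"critical": FULL, "important": FULL[:3], "everyday": FULL[:2]}

def trace(domain: str, tier: str = "critical") -> list:
    """Every intermediate value, written out the way the post does for foobar.com."""
    values = [domain]
    for step in TIERS[tier]:
        values.append(step(values[-1]))
    return values

def derive(domain: str, tier: str = "critical") -> str:
    """Final password for one site under the given tier."""
    return trace(domain, tier)[-1]
```

Calling trace("foobar.com") reproduces the post's chain, with the full domain as the first element; the "important" and "everyday" tiers stop after the third and second step respectively.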

of macbook pros and brains

Posted in brain, apple on February 5th, 2009

Yes it’s just a joy to use. I hate to be a walking advertisement for Apple, but I’m enjoying my new laptop even more than I thought I would. I always enjoy moving to a new computer; it’s a chance to re-organize my digital life, discarding any baggage in the process.

I’ve never had more than a couple of commercial software programs on my machines - Adobe Photoshop is the one we never seem to be without, despite my long-running admiration for GIMP. Now that I’m getting old, that trend seems to be going away, and I’m buying software I don’t even need, like Versions. I’m perfectly content using Subversion from the command line (in fact I still can’t seem to do certain things from Versions), but the program is so slick and the UI so compelling that I decided to buy. Anyway, enough about me getting old.

I look forward to the day when our mental data stores can be uploaded and downloaded as a way of re-ordering them. Just as the organizational schemes you used on old computers become less effective as time goes by, so too does your brain. Part of the reason is the way you’ve created your organization scheme for knowledge and your precious memories and such. Upload, re-format, create a newer and more appropriate filesystem and then re-apply most of the data. Just like with new computers, you’d invariably find that lots of that old stuff is just not needed. Similarly, many of the priorities that drove your data organization earlier in life have changed, and an fsck is in order.