Friday, October 24, 2014

Do you like bananas? (but what does that have to do with passwords?)

In researching password complexity while I plan to spin up a new SharePoint 2013 farm, I came across this particular gem in my searches:

"Take five chimpanzees. Put them in a big cage. Suspend some bananas from the roof of the cage. Provide the chimpanzees with a stepladder. BUT also add a proximity detector to the bananas, so that when a chimp goes near the banana, water hoses are triggered and the whole cage is thoroughly soaked.
Soon, the chimps learn that the bananas and the stepladder are best ignored.
Now, remove one chimp, and replace it with a fresh one. That chimp knows nothing of the hoses. He sees the banana, notices the stepladder, and because he is a smart primate, he envisions himself stepping on the stepladder to reach the bananas. He then deftly grabs the stepladder... and the four other chimps spring on him and beat him squarely. He soon learns to ignore the stepladder.
Then, remove another chimp and replace it with a fresh one. The scenario occurs again; when he grabs the stepladder, he gets mauled by the four other chimps -- yes, including the previous "fresh" chimp. He has integrated the notion of "thou shallt not touch the stepladder". [sic]

Iterate. After some operations, you have five chimps who are ready to punch any chimp who would dare touch the stepladder -- and none of them knows why.

Originally, some developer, somewhere, was working on an old Unix system from the previous century, which used the old DES-based "crypt", [original link preserved] actually a password hashing function derived from the DES block cipher. In that hashing function, only the first eight characters of the password are used (and only the low 7 bits of each character, as well). Subsequent characters are ignored. That's the banana.
The Internet is full of chimpanzees."

[source/sauce: What technical reasons are there to have low maximum password lengths?]
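The truncation described in the quoted answer, as an added example (not code from this blog or from the quoted answer). It derives the key material the old DES-based crypt takes from a password and flags hash fields of the traditional 13-character DES crypt shape in a shadow-style file; the function names, the UTF-8 encoding choice and the sample entries are assumptions made for illustration.

```python
import re

# Traditional DES crypt output: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def des_crypt_key(password: str) -> bytes:
    """Key material DES crypt derives from a password: the first eight
    bytes only, low 7 bits of each, shifted left one bit (the low bit of
    a DES key byte is the unused parity bit), zero-padded to 8 bytes.
    Assumption: the password reaches crypt as UTF-8 bytes."""
    raw = password.encode("utf-8")[:8]
    return bytes((b & 0x7F) << 1 for b in raw).ljust(8, b"\0")


def equivalent_under_des_crypt(a: str, b: str) -> bool:
    """True when both passwords give the same key, hence the same hash
    for any salt."""
    return des_crypt_key(a) == des_crypt_key(b)


def legacy_des_accounts(shadow_text: str) -> list[str]:
    """Return account names whose hash field has the DES crypt shape.
    Modern schemes start with '$'; locked entries are '!' or '*'."""
    flagged = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and DES_CRYPT_RE.match(fields[1]):
            flagged.append(fields[0])
    return flagged


# Constructed sample in shadow(5) layout; the hash values are made up.
SAMPLE_SHADOW = """\
alice:ab1Cd2Ef3Gh4I:16367:0:99999:7:::
bob:$6$Zx9Qw1Lm$Nn0constructedNotARealHashValue:16367:0:99999:7:::
svc:!:16367:0:99999:7:::
"""

if __name__ == "__main__":
    # Characters past the eighth never reach the hash.
    print(equivalent_under_des_crypt("correcthorse", "correcthXYZ"))
    # The high bit is dropped too: "é" is bytes C3 A9, which collapse to "C)".
    print(equivalent_under_des_crypt("\u00e9", "C)"))
    print(legacy_des_accounts(SAMPLE_SHADOW))
```

Accounts this flags are the only ones where an eight-character cap reflects a real limit of the hash; for the others, the cap is the stepladder.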


Saturday, August 2, 2014

Stupid things can lead to wet basements... A Cautionary Tale

In a whirlwind of bad luck, my condensate pump went up on the furnace about a year after we moved into the house.  It's an easy part to replace:  some tubing for the pump discharge (reuse what's there), some PVC for the inlet for the furnace (some basic plumbing), a 110V outlet for the pump (provided by code on the furnace itself, so just reuse it), and 2 wires that tell the AC to stop because the pump is full (this is supposed to prevent basement flooding, and is the basis for this hack).
The replacement pump I bought turned out to be crap but I was lucky in the sense that the overflow float switch on that unit was wired the same way as on the old one, so it was almost a drop-in replacement (the plumbing part came in as I had to move the pump's placement on the wall, meaning the fill tube from the AC had to be rerouted).  However, when I went to replace that dud with a "better" pump, things went awry...
I had to reroute the plumbing a SECOND time, forcing me to start from scratch with all new pipes (damn PVC glue...) and to incorporate some vinyl tubing to make placement this time that much easier.  But worst of all, the switch on the "better" pump is Normally Open (the switch closes when the water level is at overflow).  On the previous two pumps, the switch was Normally Closed (the connection would go open circuit if the water was at overflow levels).  Not having the ability to switch the switch, as this "better" pump housing is completely sealed with only inlet vents for the water, the outlet pipe for the discharge, the 2 wires for the overflow switch, and the power cord, I was stuck.  NOTHING is accessible to change that overflow switch.  So I thought "well it's a new pump, so until I can fix it, I'll jumper the wires on the furnace and hope for the best."
Shouldn't have said that... I should not have said that.

Thursday, May 22, 2014

OPEN LETTER TO THE FCC

(sent to openinternet@fcc.gov, a mailbox specifically for public comments about Net Neutrality)

This e-mail will become part of the permanent public comment record at the FCC.  If you plan on writing them also, be warned you are making PUBLIC COMMENTS VISIBLE TO EVERYBODY.  In my case, the more that see this, the better.

UPDATE:  MAY 27, 2014  A RESPONSE FROM THE CHAIRMAN!  (pasted at the bottom)

"To Whom It May Concern regarding Net Neutrality (and the so-called "Fast Lane") and the regulation of ISPs as Common Carriers

The concept of Internet Service Providers charging Content Providers additional fees to allow their content to flow through the ISP's networks (without impairment) while also charging end-customers high prices to gain access to ANY content (regardless of provider) is askew of any truly free-market model.