Category Archives: rave

WordSequence For KeePass 2 = XKCD Passwords

If you’re not familiar at all with the title, click here to check out the fabulous comic in question.

“Lolz” right? Well I completely agree with it – and I’m finding that my passwords are getting longer and longer and you really have no hope of remembering them. Take at look at this monster: !J$?e04uGh=eDP (89 Bits) You have no choice but to store this in a program like KeePass, never actually look at it, and hope that your password database stays backed up. 🙁

Password enforcement has gotten better, and worse at exactly the same rate. Here’s an example excerpt from Cal Poly’s password document. (This was discovered when my sister in-law tried 15 times to make a password that she could actually remember for her access):

Passwords must contain at least one character from three of the following lists:
1. Uppercase Alphabetic (A‐Z) 2. Numbers (0‐9) 3. Lower case Alphabetic (a‐z) 4. These Special Characters are allowed: ! $ % & , ( ) * + ‐ . / ; : < = > ? [ \ ] ^ _ { | } ~ These special characters are not permitted: # " @ and the space character

Passwords must not contain any of the following:
1. Your previous passwords used within the last two (2) years 2. Passwords less than 16 characters must not contain any of the following: a. Any words of three or more characters, including non‐English words b. Any groups of three or more characters of the same character type c. Any names, person, places, or things found in a common dictionary d. Any of your names (first, middle, last), any current Cal Poly username e. Repetitive characters (sequences)

The second part ensures that no password can be easily memorized. This string has to be written down. Once it’s written down, the whole reason for having passwords fails everyone, and after staring at the logic for 5 minutes I came up with something like this: 50Fu40Yo (42 Bits)

If you network admins are listening, you need to get over trying to corner users into crazy strings of letters and numbers. Dictionary words are easy to guess, but strings of dictionary words with random characters in there are just as good, if not infinitely better for users to actually remember. Lets look at this example: Wool+BladeFriction5 (105 Bits) A brute force attack is just going to go through every possible character in every possible position, and there’s 19 of them. Now for our ‘easy to remember’ Cal Poly password, the length is only 8 because I would never actually want to make it more then the minimum. Do you want a short useless password that gets written down? Or a long somewhat complex one that is memorized?

The challenge is to make a complex password that is easy to remember. The password should also satisfy usual requirements for length, capitalization, and numbers or uncommon characters. Here’s what I use:
KeePass 2 & WordSequence

Search the web and drop a couple thousand words (I used nouns and prepositions) into the window. I came up with some common substitutions (like @ for a, etc. – ‘b@ke m0re p1e’) and created complex easier to remember passwords like: Cheese4TigerDinner! (88 Bits) Most normal websites would accept this as a excellent password for the length and the special characters, and most humans could remember the phrase: Cheese for tiger dinner!

ix2 NAS Drive Failure.

I was copying pictures to my network drive and I noticed that it was responding slowly. Taking a good ten seconds to draw a .jpg preview. I logged into my Iomega Storcenter ix2 and the dashboard told me the news: “A drive is missing from the device”

I immediately made a backup to my workstation. Once copied, I completely shutdown the Storcenter, opened it and checked the connections. In order to see that it was a drive that had failed and not the board, I swapped the SATA cables for the two drives, tightened it all up and turned it back on.

What I next learned was that I have little patience for blinking lights. “What are you doing NAS drive?” I asked. “You respond to a ping, but that’s it.” No web interface… Well, let’s see what’s really going on. Connect via SSH and run this command: cat /proc/mdstat You’ll get actual information about what’s going on. At first I saw that the drive was rebuilding and was at 32.4% with 109 minutes remaining. A few minutes later I ran the command and got something like 33.8% with 132 minutes remaining. Okay – time to get dinner and wait for this to finish.

When I returned, the missing drive was back online and was crisis averted? Nope. The next morning I checked my email and received this from sohostoarge:
The Iomega StorCenter device is degraded and data protection is at risk. A drive may have either failed or been removed from your Iomega StorCenter device. Visit the Dashboard on the management interface for details. To prevent possible data loss, this issue should be repaired as soon as possible.

Awesome. 😐 Well, at least my email script still works.
Later that afternoon I picked up a 500GB WD Caviar Green from BB for $56. The Green drives are quieter, a little slower, and use less power – great for this application. I took the ix2 apart AGAIN, and removed the barely 3 year old Seagate Barracuda 7200.11 out of the device. I know that people have hardware preferences out there, and I know they differ, but here’s mine: I don’t buy Seagate drives. Ever. I’ve been a computer tech for over ten years. (Of course I bought the ix2 without knowing it comes with 2 of them 🙂 )

After closing up the drive I powered the NAS up and watched the magic. The new drive rebuilt and I got a steady blue light on my ix2 when I checked later the next day. No linux commands, no format, no partition, no RAID – just replaced the dead drive with a new one of the same size and we’re back in business. Am I pissed that this drive failed in 3 years? Sure. Did the Iomega ix2 do its job and kept my data safe? Absolutely!

If I didn’t need this data immediately I might have experimented with bigger drives, but I think I’ll upgrade to the ix4 before I ever try to upgrade the capacity of this little guy.

Make a Google Earth Fly-Over Video!

I organize a stage rally in Ridgecrest, California called the High Desert Trails. For the last three years we have run on a six mile road on private property. In order to grow the event we needed to find more roads. Stepping up to public roads means more insurance, permits, and logistics (more stuff). None of which we can afford if competitors think it’s still a small rally. Competitors (like myself) are often skeptical of new roads. It usually takes a couple of years before ‘everyone’ in the rally community knows what the roads are like at [rally name here]. How do you get rally drivers excited about an event with new roads today?

Google Earth! Imagine what it was like 10 years ago, before publicly available satellite imagery was a mouse click away. Rally Masters would spend hours driving around looking for roads. Even with updated topographic maps, you still have to get out there and check out what it actually looks like. Early in 2003 I spent some time looking for roads in New Hampshire and the topo maps don’t tell you about the flooded marsh, the rocky boulder filled road, or the intersection that home owners just piled dirt and brush on, so that neighborhood kids would stop using the route.

With Google Earth we were able to see what shape the roads were in, and we got an idea of how wide they were and if they were blocked, gated, etc. This reduced the number of ‘road scouting trips’ to a handful. We were even able to scout the route we had decided on when we got back to check for anything we had missed. The ability to see this kind of road detail is a game changer. “I’ve seen it from space.” is now a part of my vernacular.

It was only natural that I wanted my competitors to see it from space as well. I actually prefer this to coordinates, as I don’t want to reveal the exact route until the day of the event. For those rally folks reading this, I’m sure my methods can be re-produced and you could ‘discover’ the area outside of Ridgecrest that we’ll be using for the event. You are also aware of the pre-event testing rules, and the jeopardy to the event should you decide to do any pre-running. 🙂

How was it done?
* You’ll need a copy of Google Earth.
* You’ll need a screen capture program called CamStudio.
* Both of these programs are free!

Setup your view under Google Earth Options: Tools – Options – 3D View. Click ‘Show Terrain’ under ‘Terrain Quality’ and crank the slider to the max for detail. You’ll also need to edit the options for ‘Touring’ under Google Earth Options. Some of these options for recording refer to the Pro version of Google Earth which will make these videos in much higher res. A full version of Google Earth Pro is around $300. Highly recommended for a business or commercial venture. (but you can do just about the same thing for free with Cam Studio *cough) A good place to start is by setting the options to match what I have below. You’ll want to tweak your angles and heights continually to get the shot your looking for.

Go to the area of the map you want to make a movie of. Start by creating a path. A new window will pop up called ‘Google Earth New Path’. I suggest you change the name from ‘Untitled’. When you LEFT click on the map a point will appear. RIGHT click if you made a mistake. Use the controls in the top right to move around to your next point. Hit OK on the ‘Google Earth New Path’ window when you’re done. You can click on the path to add more later as well as changing the color and thickness of the line. You’ll want to hide this when you actually record your movie. This interface took me some time to get used to (especially in 3 dimensions) so be patient with it.

In CamStudio you’ll want to setup the video options to capture a ‘Fixed Region’ (I used 320 X 240). When you hit record a window will appear, place it over the Google Earth window as shown. Start the tour by clicking the “Start Tour” button: Record your shot and hit ‘Stop’ on CamStudio. You will be prompted to save your video.

For the rest of it I edited a group of videos and different shots with plain old Windows Movie Maker. Added a little royalty free music and uploaded to YouTube. As far a the rally is concerned, my first reactions were something like: “Woah! Helicopter? Oh Wait… this is awesome!” It will no doubt get peoples attention and hopefully we’ll get tons of competitors out to the High Desert Trails Rally on April 9th, 2011.

WordPress 2.0 > 3.0 now with text!

“Going forward may not be the answer. Maybe I should go back.”

As an early adopter of WordPress (look through the archives some time…) I can clearly remember the departure that WordPress made around version 2.0. They started calling links ‘the blogroll’ like dumb hipsters and when the admin logged in, it said ‘Howdy!’ and lots of other weird things that had nothing to do with the ability to write / create / share were changed. The media uploader was so horrible at the time, I turned ‘upload.php’ back ON and kept my hacked up version WP 2.02+ and it’s been unchanged for years.

I finally started to like the new stuff from WordPress when I installed 2.8 on highdeserttrails.com. It’s now consistent and polished, and doesn’t feel hipster and untested. I’ve been putting off a major upgrade of planetkris WordPress for a while. Okay, I guess like four years. It looks as though the WP folks have forgotten about me in the same time a BMW lease takes to expire. Everything before 2.7.1 right now has a very fuzzy upgrade path. Like “Dude – you can’t export XML?! What the hell is wrong with you?” fuzzy.

After reading the ‘update your database until MySQL shoots out of your nose‘ posts out there, and not finding any clear update path for those of us stuck in time – I started to think back to how I got here. I imported my ENTIRE BLOG *gasp from a MovableType text file called mt-export.txt. Yeah… Like a UTF-8 TXT file I can open with notepad.exe – text file. I looked for many ways to export and import and it all came down to this post: WordPress Export to Movable Type or TypePad The idea was to just export everything in MT format, wipe WP 2.02, the folders, etc. Setup WP 3.0, new files, new database, import from MT. If I had to go back, I just restored the files already pointing to the old database.

This clever theme drops your entire blog, all posts, all comments, in a big long page which you can click ‘view source’ and save as an mt-export.txt!
Want to edit where all of your images are stored before you import? Go crazy! Want to not deal with a drop of MySQL and get your blog updated? Here you go! The other positives are that the install is fresh. A fresh database and WP install is ALWAYS going to be better then an ‘Upgrade to 2.1 > Upgrade to 2.3 > Upgrade to 2.5 > Upgrade to 2.7.1‘ ugly beast of a thing.

Compromise for some? I’m sure. All I wanted was the posts. I didn’t even really care if the comments came over, but they did. Categories, author, and dates too! You’ll have to figure out your links, pages, themes, etc. on your own. WordPress 3.0 feels good and I particularly like this quote from the dev team – “Normally this is where I’d say we’re about to start work on 3.1, but we’re actually not. We’re going to take a release cycle off to focus on all of the things around WordPress. – – The goal of the teams isn’t going to be to make things perfect all at once, just better than they are today.” Dumb hipster? Not these guys.

I’m rocking a slightly modified theme from Yashfa right out of the box. You like?

Dell Mini 9 back in black as Vostro A90

Dell Mini 9 rebranded as Vostro A90For those who missed the Dell Mini 9 but wanted one – The Vostro A90 is a re-branded Dell Mini 9 (Inspiron 910). I almost like it better in black. It looks like the Ubuntu option is there as well as a standard 16GB SSD and 1GB of RAM (Things I had to option UP to with my Dell Mini 9.) Not bad for $294.

The only official ‘Dell Mini’ option is the Dell Mini 10v now – and is being hated upon for its un-possible to open and upgrade design. You need THREE videos to show you how to open it.

What? No more Dell Mini 9? Oh well…

Dell Mini 9 Inspiron 910 end of lifeI’m typing this post on the last of a great little netbook from Dell. Yep, the Dell Mini 9 is confirmed by Engadget to be end of life. And what a short production run it had. Replaced by a 160GB spinning mechanical disk crammed inside the ‘I just can’t go any smaller then ten inches of screen’ Dell Mini 10. I’m uber glad I optioned it up with the extras – extras that will be that much harder to find in the coming months.

Oh well – their loss. A silent – super portable – network engineers pal for the last two months, my Inspiron 910 has been great for setting up routers, ssl vpn’s, remote controlling servers worth 20 times its cost, and keeping my iGoogle feeds at the ready for when customer downtime occurs.

Tonight’s project is to get DVD video ‘converted’ to a portable media format I can watch on the upcoming summer air trips. 3.5 hours of battery is enough time to watch a movie or two…