Today’s post is about password discipline, and how most companies that we entrust with passwords don’t really have much!
See it over at Safer Computing.
One of the things that went away in the Pluspocalypse was a community where we played Breakfast Combo. Breakfast Combo is a game similar to Twenty Questions, but without the question limit and with a different answer format (not just Yes/No).
The rules are simple; it’s the imagination of the players and the range of knowledge they bring to it that make this fun.
We didn’t let this die with Plus – a small group of hardcore players continue the fun, on Slack.
The Online Minimal Implementation of the Classic Dinner & Party Game.
⓪ The Server thinks of a noun to be the secret target and announces that breakfast is served.
① When a player guesses the target, she wins and becomes the new server.
② Players shall take turns guessing nouns in an attempt to discover the target. Specifically, a player may guess if either of the following is true:
ⓐ since her own last guess, another player’s guess was answered
ⓑ she has not guessed within the last two hours, has one previous unanswered guess, and someone has guessed in the interim.
Note that, if Alice guesses, and then Bob guesses, and then I answer, §2a is satisfied for both Alice and Bob (as well as everyone else).
③ An incorrect guess will either be designated as the new closest guess, or some commonality between the guess and the target will be revealed, possibly cryptically.
Comment or PM me if you want an invite.
I did a talk today about the Orange Book. The Orange Book lays out some very well-structured, very stringent principles for the construction of truly secure systems. The audience for it was DoD and other government procurement officers who needed to buy reliably secure systems for classified processing.
This turns out to be a very personal topic for me. Around the time the Orange Book came out, I was working on a Multics system doing database work for a pharmaceutical company. Multics became one of the first systems to be successfully evaluated under the Orange Book criteria — at level B2. Honeywell, the maker of Multics, was quite pleased!
They gave these buttons away to all and sundry, and I got one.
I found the fact of a framework capable of assuring a secure computer system fascinating. It has always inspired me to find ways to make systems simpler and so more secure. Vendors to the commercial market today will insist that there’s no way to make systems both secure and affordable. Since the primary method of improving a product in its evaluation for an Orange Book rating is to make it simpler, I smell a rat.
One can probably say that my Multics experience in the 1980s inclined me toward getting my CISSP in 2005, and the whole progression of my career since then.
I see lots of apps in the Android Play Store offering to get ringtones for you. I worry about the security and commitment to users’ privacy of the companies behind these apps. Most apps, in fact. I have probably way fewer apps on my mobile devices than most people.
So I wanted to roll my own ringtones, and I have trial-and-error’ed my way to an efficient way to do this.
Now you have a fully functional ringtone. On my Android phone, the easiest way to get it into the right place is to upload it to Google Drive, download it on my phone and move it to the /sdcard/ringtones folder.
This practice probably violates the letter of copyright regulations, but I am going to emphasize that the ringtones made in this way should be for personal use only. They should not be shared and should definitely not be re-sold. To do either is to feed justification to the tyrannical regime of copyright currently in ascendance.