News

Requiem

One hundred years and four days. That's how long a remarkable guy named Norman Vaughn lived, I recently heard on the radio. Norm was an Alaskan adventurer I've met several times. When I first met him, he was in his 80s, taking a sea kayaking navigation class. He was taking up a new sport.

Norm had visited the South Pole with Admiral Byrd, on the first expedition to make it to the pole. Norm had raced in the Iditarod many times, most often winning the Red Lantern award for the last racer to finish each year. Norm was an irrepressible optimist, living his dreams every day, and an inspiration. He died two days before Christmas.

One hundred years ago, there were no computers, no IBM, let alone Microsoft, and certainly no open source software. It would be interesting to compare common attitudes and platitudes from then and now.

"If it ain't broke, don't fix it!" Here at Freelock, we're strong believers in that maxim. The problem is, so much about computing is broken these days. And in most cases, we've just learned to live with the problems.

You have had choices. For the past decade, your choice has been between crash-prone and insecure Windows, incompatible, expensive, and slightly strange Macs, or highly technical, user-unfriendly Linux. Times are changing, for all three.

Computer history has some interesting parallels in the history of the American West. After the initial forays of Lewis and Clark and the first set of explorers, early settlers crossed the plains in covered wagons. But the West wasn't accessible to most Americans until the age of the railroads, when the Union Pacific Railroad put tracks across the continent and started running regular passenger service.

It's been a bad week for computer security. Basically, if you use the Internet and have a computer, it needs updating. Even Mac and Linux users are affected.

First off, Windows. For those of you trying to limp along with Windows 98, ME, or NT, I'm sorry to say we've reached the end of the line. Microsoft has announced that they do not plan to release a fix for these operating systems, for the critical vulnerability revealed earlier this week. If you use any Windows 98 or ME machines to browse the Internet, you're vulnerable, and the only thing you can do is update to a newer operating system.

I spent several years of my childhood in a remote corner of bush Alaska. When thinking about those times, I remember one village in particular: Point Lay, mid-way between Point Hope and Barrow. In Point Lay, in the late 1970s, we got our news twice a week from people and mail arriving on our regular mail planes. Every Tuesday and Friday, depending on the weather, news from the outside world would arrive, filtered by the people who happened to be on the airplane or the magazines we were subscribed to. We didn't have television, or good radio reception. Aside from the delivery vehicle, the news we received was much like living in rural America a hundred years ago--second or third hand, heavily filtered.

If you haven't paid attention, the World Wide Web has been changing dramatically over the past few years. It used to be that if you wanted to create a web site, you either had to learn the basics of HTML, or spend a few hundred dollars on a web development tool. Or hire a designer to put one together for you.

Every time you want to add new content to your web site, you'd have to go back to your tools, add a new page, update all of the site navigation, or pay another fee to your web designer.

Those days are history. Thanks to a variety of different content management systems, you can easily add new content to your web site with no technical knowledge whatsoever.

Let's talk about phishing. Phishing is just like fishing, only your identity is the fish and the bait is an email that looks like it came from your bank, or eBay, or Paypal, or any other legitimate place. The goal is to get you to follow a link to a site owned by the phisher, and trick you into divulging some private information, such as your bank account number, pin, passwords, or social security number.

Some phishing emails look completely legitimate, using logos, links, and text from the real business. Many try to warn you about fraud being committed with your account--the truth is, the senders of the email are the ones trying to commit fraud with your account, if they can trick you into divulging it. These types of emails are almost always fake. When you follow the link in such an email, you'll usually get taken to a web site that looks exactly like the real web site. But it's not.

In our previous episode, my laptop had died a spectacular death from a full cup of coffee. I had to send it into the IBM depot, where they replaced nearly everything but the battery. Including the hard drive.

Last week, my laptop died a sudden, spectacular death by drowning as a full cup of coffee poured into its keyboard. It emitted a pop sound, and the screen and all power shut off.

What would be your reaction? Mine was to immediately unplug the power cord and remove the battery. Then I took it over to the sink and poured out the coffee. Remembering tales of people flushing keyboards with water, I ran some fresh water over the keys and then set to work. I removed the keyboard, the palm rest, a few of the inner cards, and let it sit without power for several hours. Apparently not long enough.

Why use a strong password

In the online world, security plays a role in all online activities. Passwords are the most commonly used method to limit access to specific people. In last month's newsletter, we discussed assessing the relative value of systems protected by passwords, and grouping passwords across locations with similar trustworthiness.

In a nutshell, don't bother creating and remembering strong passwords for low value systems, and certainly don't use the same passwords for low value systems that you use in high value systems.

The problem with weak passwords

Your dog's name. Your anniversary. Your childrens' initials, birthday, or birth weight. Your favorite hobby, or the name of your boat. Which one do you use for your password? Network Administrators and hackers know that most people choose passwords like these to protect anything from logging into web-based bulletin boards to buying things online.

Why does it matter? Identity theft. Corporate espionage. Loss of your data, or digital photos. Do you want to risk these things? In many cases, a weak password is all that separates your data from any bad guy who chooses to impersonate you online, or worse.