Password Management

September 11, 2012

There are two important things to do to safeguard your accounts:

  1. Use a different and “appropriately difficult” password for every website you sign in to.
  2. Use two-factor authentication whenever you can.

It’s important to use a different password for every website because the websites’ operators may not store your password securely; if a bad guy gets hold of the password database for and finds in there — with my password stored insecurely — you can bet the next thing he’ll try is to get into my WordPress account. And then he’ll try gmail. And banks. And so on.

“Appropriately difficult” means you need 10-20 random characters, or six or so words, in your password. How do you keep track? You write them down. As Bruce Schneider said, “if you keep your passwords on paper, put them with the other bits of paper you keep safe,” i.e., in your wallet. Or you can use a password management program to keep them online for you.

I use KeePassX ( because it runs on Mac, Windows, and Linux.  For Windows-only, the original KeePass ( is somewhat superior because it has good integration with some Windows subsystems that allow it to auto-type passwords, keep the KeePass master password secure even if the host computer has been compromised, etc.

The password file is encrypted using moderately decent crypto so it can be emailed, put on Dropbox, and generally shipped around the internet.  It also has a “notes” field in its entries you can use to keep more information — such as random answers to security questions.

For passwords you need to share, or remember without a password manager (such as the password to get into the password manager), I use the Diceware method. There are some automatic Diceware generators — I have one, and I will forward it to you if you ask me — or you can DIY a word-based password by opening a book, closing your eyes, and picking a random word six times.


Jim Gray missing at sea

January 31, 2007

I am sitting with one of my all-time favorite CS books, Transaction Processing by Jim Gray and Andreas Reuter, in plain sight as it always is when I’m working. The case has been widely picked up by the general media, so I will post only a few thoughts that might add something.

Jim was reported overdue at 8:35 PM on Sunday. He was out for a day sail and was expected back in the late afternoon.

Distance from SF to the Fallaron Islands, his apparent destination, is 25 nm. Hull speed of the C&C 40 is 6.75 knots, so trip time at hull speed from Golden Gate to the islands would be about 4 hours.

What might have happened? Based on my offshore experience, I’d guess man overboard. Jim is said to have decades’ sailing behind him, so he would have known to stay clipped on. Harnesses do (rarely) fail, though, and more frequently folks go for a few moments without a positive connection to the vessel. The difficulty of getting back on a moving vessel is also something I am familiar with; the C&C 40 looks to have a swim ladder on that reverse transom. I hope so, anyhow.

Collision with a freighter seems less likely with the excellent weather. Collision with a container is a more random event, since they float awash if they come off a ship. I have heard of boats suffering catastrophic damage from a container strike. If she filled and sank after hitting a container, that would be consistent with the lack of wreckage.

The C&C 40 was an excellent yacht, but they had a few nasty failure modes, “wet core balsa” among them. Equipment failure that would cause catastrophic damage seems unlikely. Equipment failure that left her unable to move or communicate?

Jim is said to be in good health and was apparently in good spirits when he was last heard from. Sudden health events do happen to us older guys, though.

Man overboard comes out of this looking most likely. If the ship were on autopilot and under sail she might be up to 400 miles from where she started.

If Jim is overboard, and assuming he’s alive, how do we find him? The Coasties have not had any success. Re-tasking a satellite seems like a possibility, but how can we find the right needle in the haystack?  Joe Duck is on the job up in Oregon, which is now in the expanded search area.  There’s a collective of amateur SAR kibitzers and occasional visits from professional SAR folks that merits some respect.

Blog Tag — W00T!

December 19, 2006

Joe Duck tagged me, so here it is. Five of the lesser-known facts about me:

  1. I was rescued at sea twice. Neither time went exactly perfectly.
  2. I, too, wrote an operating system as an undergrad. I missed my chance for fame and fortune, in no small part because the PDP/11 was the smallest system I wrote for. When it wasn’t being abused by student jobs, the PDP ran RSTS/E. UNIX was considered rather primitive at that time. I later wrote a little bit of IBM’s VM/ESA 2.0 operating system, but I decided to get out of the operating systems game because the field seemed to be dominated by the hardware vendors.
  3. I live in a house that had a busy morning on April 19, 1775. Benjamin Hosmer was brother to Joseph Hosmer, who spurred the Minutemen into action at the North Bridge with his cry, “Will you let them burn the town down?” Sarah Hosmer, Benjamin’s wife, takes her eternal rest in a gravesite behind the house with their infant daughter. Mother and daughter died in the smallpox epidemic of 1791 and were buried promptly, in accord with the practices of the time.
  4. I have seen original message flimsies of two orders given to the U.S.S. Enterprise (CV-6) in WW2:



    The first message initiated formal hostilities by the U.S. Navy against Japan; the second was sent from the Enterprise to the Hornet to launch the Doolittle raid.

  5. I dig Nashville and I really like Dolly Parton’s music. She’s put out a lot of terrific albums.

But, bloggers… I think I will have to get some folks blogging so I can tag them! I know Senor Duck, of course, and Sim Simeonov, but they’re already tagged.

Jay Forrester

May 8, 2006

Di and I had dessert with Susan and Jay Forrester Saturday evening. We talked about trips we'd taken, about his youth in the Nebraska sand hills, and generally chatted. I didn't know we'd been talking to a pioneer of computing and system dynamics until after Jay and Susan had said good-night; one of our companions, who knew I was in computers, clued me in.

He reminded me of my father-in-law, Jim Haggard, whose father had also grown up on a ranch and left the prarie life behind. In grandfather Haggard's case, that was to go to San Fransisco to work in the Union Pacific railroad's accounting department; Jay came to M.I.T., as he recounts in this memoir [PDF].

It's remarkable to recall, as Jay does in his memoir, that the capabilities of those early systems grew by measures that are much, much greater than what we see today. And those of us on the software side of the house have yet to catch up to those leaps and bounds.

But what I mostly recall is how friendly and unassuming Jay is. I'll have to start reading his books!

In Memory and Celebration: Winston Ford Harwood

May 5, 2006

Winston Ford Harwood

November 14, 1990 — April 28, 2006

Old Girl RestingOur wonderful and (wonderfully) whacky Winston departed our world last Friday. She was just shy of 15 1/2 years old.

Winston's bright spirit never failed, and she enjoyed family life and her daily walks to the end, but in retrospect I think she was living by willpower — her will to please as much as her will to live (and sheer Samoyed stubbornness). Her tired old body was probably ready to pack it in late last year, but we were not ready, and she staged one of her many great comebacks and had a happy holiday season. By late winter, her appetite was flagging again, and it was evident that the old girl was running on fumes.

Winston was a paradoxical teacher; she was one of the least subtle beings I have ever known, but many of the things she taught me were subtle indeed. What I finally came to realize was that I was waiting for a disease, or some obvious external symptom of failure; but Winston had a life, and like all lives, it would have an end. We could choose to give her a gentle, graceful, and loving end, or wait for something harder and more desperate to overtake us. On these terms, we could only make the gentle choice, and live with a few pangs of anticipatory grief.

Winston's final week was full of love. We modified her kidney disease-control diet to include quantities of Milk Bones, cooked chicken, and hamburger drippings, and this revived her appetite remarkably. Ritz Canine sent a veritable parade of dog-walkers who'd walked Winston over the years; they gave her gentle walks and in many cases said their good-byes. Winston's wonderful groomer/therapists, Andrea and Anne Iadonisi of Sirius Services, came to our house on Thursday and gave Winnie a massage.

I was fortunate to have a light load of meetings last week, and so I worked at home as much as I could and gave her lots of hugs and head scratching. She was never alone for more than a few hours, and people were with her from mid-day Thursday until the end. One of Winston's human "siblings," Joshua, was able to make a quick trip home from college to be with her and with us.

Dr. Tucker from Concord Animal came to the house on Friday to administer the anesthesia. Our Rector of Trinity Concord parish, the Rev. Tony Buqour, was also with us. Tony is a dog person and shared some stories of his own dogs, memories both joyous and difficult. In a typical Dovecote moment, our contractor came to the back door moments before Dr. Tucker was expected. This fellow, Richard Gervase, and Dr. Tucker are both tall, rangy guys with flowing hair and a beard, and for a moment we thought Dr. Tucker had arrived… very informally dressed. Perhaps he'd been out at a large animal call? But once we had that sorted out, Dr. Tucker did arrive in his lab coat.

We brought Winston out into the back yard, on a beautiful spring morning. The apple trees are just beginning to flower here, the sun was shining, it was warm but not so warm that Winston got hot. She was happy to have lots of people around, and greeted all with her customary verve.

We laid her down on her "Winston" bed and Dr. Tucker gave her the injection. He is a good vet. and she died instantaneously. She was in no pain, had no fear, and she was in my arms.

Winston's GardenWe had a simple pine box made for us by The Old Pine Box in Deadwood, NM — gotta love the 'Net — and we buried Winston just on the "freedom" side of the old fence line. We have not had fencing since about 2002, when she learned to escape pretty much at will, but the track she wore in the hillside patrolling the fence is still there.

She is beyond all boundaries now.

Tony read to us from the work of Catherine of Sienna, who I have since learned was known, as Winston was, for "great gaiety," and whose final day on Earth was April 29, 1380. I do not have a copy of the manuscript, so I must give it to you as I remember hearing it:

"The love that we share with God's creatures is a part of the love that God shares with us." She had a sense of love resonating through us and through the world.

I have always remembered the magnificient passage from Henry Beston's "The Outermost House," with which my aunt and uncle James and Norma memorialized their treasured companion Elaine:

"We need another and a wiser and perhaps more mystical concept of animals. […] In a world older and more complete than ours they move finished and more complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear. They are not brethren, they are not underlings; they are other nations, caught with ourselves in the net of life and time, fellow prisoners of the splendor and travail of the earth."

I grew up with lots of dogs. They were our environment, and in the manner of young people, I took them for granted. I loved them, hated them, played with them, and fought with them, but I did not see them for who they were. To me they were animated toys, or at best they were imperfect brethren.

I remember the shock I felt when I finally really saw one of them and thought, "she's just like me!" And what I meant was what Beston writes about: there was a whole 'nother world before me.

And, finally, Winston. There are four memories of Winston that are most vivid in my mind:

The night we brought her home for the first time, and John held her in his lap, talking to her quietly, introducing her to the world.

The time after Anne died, and Winston and I were alone; some nights I got down on the floor with her, and pressed my chest up against hers, just to feel another heart beating.

Our runs through the woods, with great joy flowing through us.

And last, I remember the first time she struggled to get up and failed, when I realized she had become an old girl, while I was again not paying attention.

But that was four years ago. We learned to care for Winston so effectively that we finally had to learn to let her go.

She meant so much to me that she took a part of me with her, and she left part of herself with me. And she gave me a final lesson as a parting gift.

Indulge me while I take this writing back to Catherine of Sienna by way of a Taoist sage who was part of the Lao-Tzu collective. Many of the Taoists' lessons focus on "immortality." One starts with the question, "can you learn to live deep within your heart?" Winston never lived anywhere else.

She did not attain some kind of dime-store immortality, but she is still what she always was, a note in the great song that resonates through all life, which we call by many names, all of them insufficient. Deep within her heart she was and is forever close to it.

So that is what I ask of you: live deep within your heart, and take great wonder in life, and greet your fellow creatures with joy. That is Winston.