onfocus

"To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it."

Mat Honan is experiencing a nightmare cascade failure of interconnected services. This is a good reminder to back things up and make sure your passwords are unique for each service.

Some good information here about using Google's iOS Authenticator app to implement 2-factor authentication at any website.

"Sears used to sell houses by mail." Someone please put old catalog pictures side by side with modern pictures of those houses still in use.

"From now on, when I want to visit Facebook, I’ll be using the private browser setting in whatever browser I’m using." This is my new strategy too. What a hassle.

ok, this is worth getting upset over. Update (9/28): Facebook Fixes and Explains.

Ben discusses Moore's law, Internet = Modernity, and changing expectations. I love the "translator" metaphor to describe our generation that has lived in both Internet and non-Internet worlds.

Interesting look at "password padding" to create memorable AND secure passwords. [via Ask MeFi]

"We’re not going to have a jobless recovery. We’re going to have a jobless future." Painful post to read but it makes sense. Now what?

"When people say there are no easy solutions to our problems, I don’t think they are thinking hard or creatively enough. If our problem is that we don’t have enough technically trained Americans, why are we not focused like lasers on educating people?"

"The kind of naming policy that Facebook and Google Plus have is actually a radical departure from the way identity and speech interact in the real world."

Deconstructing the new Gmail/G+ interface for design ideas.

ok, it's 2011. No site is perfect, but it probably is time to shame sites that store plain text passwords. Especially those sites from big companies with the means to change things.

Dear media, please give Andy Rutledge complete control over the design of your sites. Thanks.

Great security reminders. A password made up of three distinct words is fairly secure against a brute force attack. If developers build in a delay after failed password attempts that also helps deter brute force attacks. [via capn design]

ugh, this isn't good. "The fructose component of sugar and H.F.C.S. is metabolized primarily by the liver, while the glucose from sugar and starches is metabolized by every cell in the body. Consuming sugar (fructose and glucose) means more work for the liver than if you consumed the same number of calories of starch (glucose)."

"...your visitor will have a limited amount of time (specified by you) to fill in the form and send it. And if a spammer tries to post information to your form processor remotely they’re going to hit a big fat roadblock."

"...you can create a honeypot form field that should be left blank and then use CSS to hide it from human users, but not bots." Pure CSS bot thwarting.

"But it is now also possible to use a Multi-domain UCC SSL certificate. This allows you to have a single certificate which covers up to 150 domains."

This is a good answer about responding to a server intrusion. The stuff of nightmares, but it's good to think about how to respond to a crisis when you're not in the middle of a crisis. [via anil]

A simple way to set up a mod_evasive style defense with the more popular mod_security.

"mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack." Filed for (hopefully) non-use.