I have really been focusing a considerable amount of energy on security lately. I have been looking at some of our conventional wisdom and trying to decide how it fits in with our current world. Is it still relevant or does it needs some to be updated.

That brings me to the topic of tonight’s post, the secret question. The secret question is the one that many of your more important services will ask you to supply an answer to so they can verify who you are. The most common question is what your mother’s maiden name is. They will also ask things like, where were you born, what is your dad’s middle name, what was your high school mascot, and many more just like that. The problem with these types of questions is they are easy for someone to socially engineer out of you.

My philosophy is this. Questions that have real answers are easier to answer than questions that don’t have real answers. When you are asked for your mother’s maiden name, pick a word or name or even a series of alphanumeric characters to supply as your answer. Don’t use your mother’s real maiden name. It is easy for someone to find out your mother’s maiden name. Hell, she might even tell them if they ask nice enough. They won’t be able to find out her maiden name is $fop()5tHg.

For many years, the conventional wisdom has been to never write down your passwords. You are suppose to make a strong password and remember it. This practice is very secure, however it is not practical in todays electronic society. Remembering 1 strong password is easy. Remembering 100 is a completely different thing.

In my opinion, forcing yourself to remember the strong password means you will use the same password in multiple places. This will leave you very vulnerable if your password is ever compromised. This also brings the “weakest link in the chain” effect into play. Your banks computers may be strong and your account information may be very secure on them. That internet message board or website you register with may not be as secure with the password to your electronic vault.

I carry a journal with me that has my passwords. I also guard the journal the same as I do my wallet. A journal may be overkill for most people so you could also write down your passwords and a single sheet of paper and store them in your wallet. Make sure you make a copy and stick it with your other valuable papers in a safe or safety deposit box. I create unique passwords for all of my sites and I write them down on a dedicated section of the journal as soon as I create a new account. I also don’t use words or dates in my passwords. Those are a lot easier to brute force than tougher passwords. For example, your name and birth date isn’t a good password. #eL9~ukl5f$ is a good password. EDqz~!)Oy$R:>jp;sd80_xCY}P=1^NVi41{.%GwPB”Dfqo4P,gentAG is an even better password. That last password is a 63 random printable ASCII character password generated by GRC’s Ultra High Security Password Generator. If someone can break that password, they were going to get your info anyway. I know some people have a tough time generating their own passwords so use that site. Steve Gibson of GRC is a legend in computer security.

It is ok to write down your passwords as long as you protect them and make sure you use different passwords for every logon you need. That way if one password is compromised somewhere you only have one password to change.

Well, like most other people I upgraded my Foxmarks to version 2.0 recently. What a pain in the ass that was. I should actually read the release notes to see why we needed a new version. The biggest change is probably the bookmarks file itself. I see it went from .xml to .json. Hopefully there is a good reason in there to account for all the headaches caused by the upgrade.

I had been using the custom FTP settings and had plenty of trouble getting it to work after the upgrade. This is what I did to make it work. First, set up your custom FTP server address. I could never get Foxmarks to work when I put in the URL to my FTP server. I had to put in the IP address on several different computers and it would finally work. That looked like this:

ftp://XXX.XXX.XXX.XXX/foxmarks.json

Not sure why Foxmarks is having DNS problems but that seems to be the case. The FTP server answers to the url just like it should. The only thing I can think of that could be causing it is the server is is using 1 ip for different websites and using the host header to forward the traffic properly. If that is the problem, it explains why so many people are having trouble with the custom FTP settings after the upgrade but some say theirs works fine.

The second part is getting the .json file up there. You have to go to a computer with the old bookmarks up to date. Then manually upload that set of bookmarks after you have upgraded Foxmarks. Now you have a .json file on your ftp site. Go to your other computers and configure their Foxmarks settings. Now you can force download the new Foxmarks file.

We currently have a iRobot Roomba and love the thing. It does a wonderful job of helping keep the house dog hair free. You just press a button and it vacuums for a couple of hours then goes back to it cradle to recharge. Now that is my kind of house work.

The back of my house has gutters that are at least 30′ off the ground. So you can imagine my glee when I saw an ad for the iRobot Loojâ„¢ 120 Gutter Cleaning Robot. I’ll report back when I actually get one.

I came across an awesome website for computer wallpaper the other day. Mandolux.com has some really cool photographs for your wallpaper but they also offer them in the sizes us geeks need. They have sizes from the smallest at 1024×768 to the largest at 2560×1600. They also break each image up and offer them in right and left monitor configurations for those of us running dual monitors. Awesome site! Here is a pick of my left monitor.

I just upgraded our macs at work to 8 new Intel based G5′s with 30 inch Apple Cinema Displays. The displays are fantastic by the way. I have also found myself needing to remember the Apple/Macintosh boot keys again so here are some for reference. I’ll update this list as I come across new ones.

1. Command S = boot into single user mode
2. command V = boot using verbose mode (all messages)
3. X = Reset startup selection and boot into OS X server
4. Shift = Boot into Safe Mode (press as soon as mac is on and hold down)
5. option = boot into open firmware target disk mode
6. Command + Option + Shift + Delete = bypass internal hard drive on boot
7. T = boot into firewire target disk mode
8. C = Boot from CD or DVD drive
9. N = boot from network
10. Command + Option + P + R = reset PRAM
11. Hold Down Mouse button = Ejects any removable media

Bonus Commands After Boot is complete

1. Command + Shift + 3 = Full Screen Shot
2. Command + Shift + 4 = Adjustable Area Screen Shot

I was very excited to log onto Google Mobile recently and see the Google Reader added! This adds a great level of productivity for me and my Motorola Q. I can now login and go through blogs anytime I have some downtime no matter where I am. The interface works very well and is fast just like you would expect from Google.