Sunday, May 25, 2014

Protecting your identity online

There has been an upsurge of interest in privacy and safety of late due to the NSA scandals and to the Target store data theft and now the Ebay incident.  I've happened to read a couple of technical articles on on-line security and thought you might be interested in what some experts are saying about what works and what doesn't.

If you really, seriously, need to communicate securely online then there are some very advanced things you need to do that might actually foil the NSA to say nothing of your spouse.  However, for most of us, three simple rules can substantially lower the risk of problems.

1.  Don't reuse passwords.  This is the single most important thing you should do.  The way many security problems arise is that somebody steals a file of user ids and passwords.  Since we typically use our email address as a user id and use the same password on many sites, once a thief has a file they just try the userid / password combination on a variety of sites and exploit whatever success they have.  It's hard to memorize a vast list of passwords, but at a minimum you should do the following:

Recommendation: Have distinct passwords for your primary email accounts, online banking and credit cards and never use any of those passwords any place else.

Following that rule insulates you from most of the bad consequences of most of the security breaches.

2.  Use long but not complex passwords.  A fad has developed for password with special characters (like "%") and complex rules about having numbers and upper and lower case letters.  This is usually counter-productive.  "$" and "A" are equally obscure to a computer.  And the more complex our password has to be the more likely we are to reuse them or to put them on sticky notes by our monitor or in a little book, thus creating a far more serious security issue.   You might get away with this at home, unless you live inside the Lifetime Channel, in which case they will be stolen by someone no one will believe would do it.

On the other hand, longer passwords are harder to crack by brute force methods.  So "Koiningsburg979" is a better password than either "Dog99" or "$z*f8)k"

There is one exception to this and it involves passwords formed from common whole words.  If your password is "FriedGreenTomatos" or "LucklessPedestrian" it can be subject to a "dictionary attack" where the hacker systematically runs through the dictionary trying every combination of common words.  This is why some companies limit how many times you can flub your password before having to pay penance by dealing with their voice mail system (one might suggest this limit could be much higher than 3, however).

Unless you have access to truly high value accounts (the controls for a nuclear power plant, or the American Idol voting) you are very unlikely to be the victim of this sort of attack.

Recommendation: Use longer passwords formed from some combination of easy to remember words and numbers.  Consider words that are names or places or not very common.

3.  Change your security questions.  Those well-loved security questions about your first pet, first love or mother's maiden name have become insecure.  With all the stuff we dump onto Facebook and other social media, it isn't going to be that hard to find out those facts about many of us.  So choose more obscure security questions if given a choice "State you first got arrested in" or something like that.  Or start gaming the answers - for example, add "123" to the end of every answer so that your hometown is now "Edina123" and not "Edina."

While these three rules are not going to prevent a concentrated attack against you as a specific target they will dramatically reduce your risk of being caught up in some massive theft of data we regularly hear about.

And if you really do want to be completely secure online?  Get a computer (with cash) that has never, never been on the Internet at all, disable all the connectivity it has, reformat the hard drive, overwrite the unused file space multiple times, print out your correspondence on a printer you bought with cash on paper you've only handled with gloves on and mail letters from random locations that have no surveillance cameras.  That should work.

But to be completely serious: Do Not Reuse Your Passwords (to key accounts) – just please do that and you are likely to be safe for years.

Sunday, May 18, 2014

Thoughts from the road: Ritzville and the Top Hat

In the middle of eastern Washington's wheat country is the town of Ritzville, all 1800 people of it.  Ritzville has one of my favorite motels, the Top Hat.  It's old school: located on the main highway in town, you park in front of your room.  It's gently shabby.  The vegetation is running wild, the  rooms are small, everything is in need of a coat of paint.  But it is clean, quiet and just $45 a night.  For that you get a mini-fridge, a microwave and a slightly malfunctioning TV.  I've spent three times that amount on a motel and enjoyed myself much less.

Ritzville is typical of rural towns.  It was a major shipping point for wheat in decades gone by, but time passed it by.  The interstate did what interstates do, passed the city just to the south and destroyed main street business and produced a litter of fast food places and modern hotels at the exit ramp.  The downtown of brick and stone buildings, built a hundred years ago with so much hope in an unlimited prosperous future, now often are empty.  There are no tourist attractions of note anywhere close.  This morning I walked down the street that is the old highway and didn't encounter a car for over five minutes.

The town is trying.  The historic buildings downtown have plaques  explaining their history.   The old depot has been restored as a museum and there is a well-kept little park with some public art.  A series of local festivals are still being done.  A surprising number of homes are well-maintained.  But many homes are run  down and the sense of slow decay and death being the inevitable future is hard to avoid.

The last time I stayed at the Top Hat the owner was trying to sell it.  He was ready to retire and his wife was ill.  They spent a lot of time chatting with me.  My curiosity about the hotel business he hoped was a the inquiry of a potential buyer and he offered to drop the price by $20,000 to increase my interest in it.  When I returned this year I was afraid the hotel would be shut, like the one two blocks down which is slowly being reclaimed by nature.

There are new owners now, full of energy for cleaning, painting and fixing.  But it is going to be an uphill battle.  If the hotel ran at 80% occupancy for the entire year they'd have a total revenue of no more than $150,000.  On that they'd have to pay heat, light, laundry, maintenance, insurance, taxes, cable and everything else and hope to have enough left over to pay themselves a living wage.  No one will ever stumble over this hotel, they'd find the ones at the interstate.  Few are brave enough now to try the local establishments.  Construction crews are a major source of business.

It's a relaxing place to stay.  I sit on the park bench outside my room on the covered walkway and watch the world, the clouds and the trains go by.   When that gets boring, I can walk the silent streets.

The peace and serenity of these small towns are palpable.   There is time and space to slow down, to unclutter your mind, to focus on what is important.  Emptiness can be a gift, and it's a gift we need and can use.  Fewer things to do mean you can practice attentiveness to the things you do encounter.

I used to think that the internet and UPS would save rural America.  If you can be equally connected to news, culture and entertainment regardless of where you are and anything can be sent to you overnight, why can't a business "insource" to rural America rather than outsources to the 3rd world?  Why wouldn't a group that needed to focus or a writer or artist wanting space and time to work be able to find the inexpensive life in a small (or more likely medium-sized) town work?  Put a call center or shipping point or assembly plant out here.  But it doesn't seem to be happening.

As much as I feel drawn to the peace and simpler life I know I could never live here.  The relentless conservativism would be wearing.  The county voted 66% for Mitt Romney and the same percentage for John McCain.   The perennial split is between geography and culture.  In Willa Cather's My Antonia, perhaps the premiere American novel of the prairie, the description of the land sky and weather is lyrical and deeply spiritual.  The little town is depicted as narrow, suspicious and disdainful of outsiders.  

Unfortunately, that is often the dilemma.   

Friday, May 16, 2014

Thoughts from the road: The Bakken Breakout

A bar in Montana is advertising that it has the "only shuffleboard in town" and has just installed a new Pac-Man machine.   A North Dakota college lists its curriculum offerings, a list that ends with "... welding and music."  Local talk radio is interviewing a person who goes around the state offering seminars on how to survive Obamacare.   

Ah yes, among Obamacare's faults, according to this fellow, is that it takes the health costs of high-medical needs people and transfers it onto the backs of the healthy.  One wonders if he even grasps the concept of insurance.  You know, where if your neighbor burns down his house, you have to pay for part of it because you have the same insurance company.  Sounds like socialism.  Sounds like an insurance plan.

But it is the far west corner of North Dakota that deserves a focus.  The explosion of oil field development is everywhere.  In Dickenson, the ground zero of fracking I picked up a copy of the "Bakken Breakout Weekly", a tabloid-sized paper devoted to chronicling developments.

Reading it, and driving through the region puts one in mind of a Colorado boom town in the late 1800s.  It's all here: rapid influx of unattached men (and some women) being put up in temporary field camps.  An explosion in rent and home prices (a two bedroom apartment is going for $2,000 a month in some places).   Cities scrambling to keep up roads crumbling under massive truck traffic, building schools, hiring police (and subsidizing their living expenses).  One school district is going to a 4 day week to save costs because they can't afford the operating expenses of a fifth day.

I didn't read about any gunfights over cheating at cards in a local saloon run by some modern day Miss Kitty, but I wouldn't be surprised if it had happened.

There are some differences: a company advertises its skill at helping oil companies comply with regulations regarding archaeological issues, historic preservation and consultations with Native tribes.  I doubt that happened a hundred years ago. 

And there is the environment.  Rapid development never looks very pretty.  Oil drilling equipment is strewn about everywhere.  Natural gas is being burned off in flares (something I hadn't seen in years) because there are no pipelines to capture it. 

I hope some sociologists and historians are out here doing research.  It would help us understand that Colorado boom town.

The weekly paper is shot through with issues of the relations of business to government.  The city is ticked that the state isn't giving them enough revenues back from what the state collects.  The Bureau of Land Management is being castigated for standing in the way of progress (cut the government!) – and for not inspecting oil wells fast enough because they lack the money to do so.   A school district, which had lost money due to sequestration cuts has made up for it by increased federal subsidies to districts that have to support students who live on federal tax-exempt land.  A third of its' budget comes from federal payments.  This school district is building houses for its teachers.  Residents of a local trailer court are protesting rent hikes and want – seriously – the government to impose rent control.  How socialist of them.

This paper, and the radio show just how impoverished our language is for discussing the economy's relation to government.  No matter what is happening, the government is wrong.  The talk show host is on a rant about how the BLM won't let you ride your four-wheeler on "your land", by which he means federal land, which he demands be "returned to the states" (that's another government, isn't it?), states that hadn't been formed at the time the feds gained control of the land.

Government is always wrong, even if it is one government complaining about another government.  And even when the demand is that the government do something – like stop letting people with less than a year of experience be in charge of inspecting a pipeline, or inspect those oil wells, or build some roads – the solution is never mentioned, because the solution is to fund those activities.  Then, after a short silence, someone goes on to demand that government get smaller.