jackofallgeeks: (Diastole)
So, I Posted about this 'Miracle Fruit thing back in February, but as it's cropped up again on my Friends Page and I think it's worth noting, I'm reposting.

The long and short is there's this fruit with a 'glycoprotein' that makes sour things taste sweet. It's apparently been used for centuries, it's heavily marketted in Japan, and has seen both low-cal desserts and relief for people with diabetes -- two things, I think, that Americans would be very interested in.

Unfortunately, the FDA has banned the Miracle Fruit, for apparently unknown reasons. It's not hard to imagine that pressures from Big Sugar and diabetes-pharmaceutical lobbyists might have had an influence on the decision. Some seem to think the FDA fears that miraculin (the glycoprotien I mentioned) might mask the flavors of Aspirin or other things that are toxic in high quantities (and kids might eat them! Think of the children!), but there seems to be a Lengthy Paper saying that won't happen (ie, miraculin won't mask said toxic thingums).

So, there you have it. The FDA is keeping us from some very interesting cuisine experiences, likely because they're being paid to by people who profit otherwise.

GameSwap

Mar. 18th, 2007 01:40 pm
jackofallgeeks: (Default)
I think GameSwap is a great idea, and actually something I've been wanting for a long time. The idea is that you put up used games that you've tired of to trade to people who haven't, and in exchange can trade other people for games you DO want. There's a HUGE turn-over rate for video games, especially for hard-core gamers who get better value renting than buying, and none of the places like GameStop of FuncoLand offers a suitable buy-back or exchange rate. With this service, you can get a good value for your old game and fine the old, out-of-stock titles you'd like to own.

It's all mail-based and it's not free -- it runs on a credit system, which you either get for swapping games to other people or purchase yourself from the GameSwap site -- but it's completely legal (nothing wrong with selling or bartering objects you own) and a great idea for anyone with old, unused games laying around. (I don't THINK they have a reverse function to give you money back for credits earned, but it might be something they should look into; if I can 'sell' my games on GameSwap then everyone wins once I decide I'm done gaming; no reason to swap them for credits I can't use if I can just hawk them at a garage sale.)
jackofallgeeks: (Decepticons)
I think that most of the information in This Article is rather straight-forward, almost common sense. But then, I'm technically a security professional, so that's to be expected. Good, baseline advice on passwords that everyone should take note of.
jackofallgeeks: (Contemplative)
A friend linked to This the other day, and I think it's worth passing around. I think there's a lot that I could say, but I'm not really sure how. Part of me thinks that some of the things he says just highlight some of what's wrong in the world today.
jackofallgeeks: (Dance)
This, my dear friends, is proof positive that there is a God.

In short: Lucas is releasing the unedited StarWars trilogy on DVD.

Lest I rave like a lunatic, I'll stop here, and eagerly await September.
jackofallgeeks: (Geeky)
Hey, they've got some new neat tricks with lj markup, particularly the lj:// link tags.

PSA

Nov. 30th, 2005 01:04 pm
jackofallgeeks: (Default)
Because it still seems to be the case, and some may not yet know about it, yoinked from [livejournal.com profile] dreamerdevie:

In case you hadn't yet noticed, lj comment email notification is not functioning properly. They are aware of the issue and are working on it at the moment, but it's still not working fully as of yet.

So, if you've posted stuffs and people haven't responded (in your email), you may want to check your journal. They could have responded and you just don't know yet.
jackofallgeeks: (Chivalrous)
Boy Kidnapped in California.

The further this goes a long the weak a connection it will be, but a classmates' friends' brother has disappeared. The family believes it to be a kidnapping, as he was last seen being followed by a strange man, but the police are marking it as a runaway and won't raise it, so they're looking for grass-roots help in finding him. The linked page gives details. I know most of you on here aren't anywhere near California, and it's a big state even at that, but I figure it might be helpful to see if we can spread the information around some, through LJ or other channels, in hopes of finding him.
jackofallgeeks: (Default)
Apparently, there's a virus going around using AIM as a vector.
You'll get a message (or two, in my case) saying "http://www.myspace.com/06242/myspace.pif is that u ", where the URL is also a link. Clicking the link takes you to the resource -- Firefox asked my where I wanted to save it, but I'm not sure if IE will work the same way, so don't click the link. Pif is apparently an MSDOS executable file.

I didn't find much Googling for it, so this may be a new-ish threat. I did find This, which may be talking about the same thing. If so, it looks like the thing just sits on your box and takes up progressively more memory as you run programs.

Just an FYI. Don't click the link. People used to say "don't open things from strangers," but this will come from your friend. They also say "don't open executables," but I'm a CompSci guy and didn't know .pif was executable (I thought it was an image, like .png, which is probably the whole idea). So the new rule is: verify links with your buddy before you open them. If he says, "No, that's a virus," don't open it.
:p
jackofallgeeks: (Geeky)
So, a friend of mine recently got a message from LiveJournal telling her that her password was weak and that she should change it. Like so many users, she's was confused, because surely there was no way that anyone could guess her password. Someone else commented that they got the same, and their password was really hard to guess, too.

The thing is, yes, 'wubbliewoo' may be very hard for a human to guess, but we're not concerned with people sitting at the login screen trying to guess your password themselves. The problem is that a computer program may be trying to crack your password, in which case 'wubbliewoo' is trivial.

Special attacks aside, a computer program can do a Brute Force attack, where it tries all possible combinations of characters based on the alphabet in use and the length of the password. It tries 'a' then 'b' then 'c' moving onto 'aa' and 'ab' and 'ac' into 'ba', 'bb', 'bc' until it's trying 'hyttj' and 'hyttk' and so on. It tries everything, and when it finds a match, it has your password.

Brute Force will find your password, guaranteed. But it's a relatively slow process, if you make your password sufficiently difficult to guess 'for a computer.' This means a long password made of characters from a large alphabet. If you have only lower case letters in your password, you have an alphabet of 26 characters. If your password is then 4 characters long, there are 26^4 possible strings it could be, from 'aaaa' through 'zzzz'. That's nearly 500,000 strings, but we're talking about a machine that can make hundreds of thousands of guesses in a second. if you add a capitol letter to your password (even one capitol is enough to make the program have to try harder) then your alphabet is 52 characters, and 52^4 is a lot bigger than 26^4. Generally speaking, a strong password is considered to be at least 8 characters in length, using three of the four types of characters (upper case, lower case, numbers, and symbols). This puts you in the range of 92^8 or so, which will take a computer 6 to 12 months to break -- and presumably you'll have changed it by then. These policies about password make-up and duration aren't made to make your life difficult -- I've personally used a program that could crack a 52^8 password in under 5 hours, max.

The math in all of this is fascinating, but I'm saving you all from most of it.

"But how will I remember it?" My friend asks. Well, if you have a weak password, it's not hard to do minor changes (as far as a human's concerned) that will make it significantly harder for a computer to guess. The password 'foobar' is not the same as 'Foob@r', and just those two changes bump it from a 26^6 password to a 92^6 password. Additionally, though they say "don't write your password down," as long as you aren't concerned about someone in your immediate vicinity cracking your account, and you take precautions to keep it mostly-hidden from visitors, there's no reason not to. it's a bad idea for a manager to write down his password at work and leave it on his desk, but an LJ password at home is a significantly different situation.

DO NOT post your password online, anywhere. Seriously. if something's online, it can be found, period. The internet is so complex, and the 'rules' can be gotten around so simply by someone who knows what they're doing, that it's just a supremely bad idea. I'd advise stenciling your password to the side of you monitor before posting it online; much, much safer.

Caveat: OK, I really don't like making people paranoid, so I thought I'd add this in here. Yes, the internet is a dangerous place. if it's on here, it can be found. And yeah, if someone wants to crack your password badly enough, they will. But that brings us to the biggest protection anyone has on the internet: you're simply not important enough. And I don't mean that personally; in general, none of us are that important. If someone got my Bank info, he might be able to get, I don't know, a couple hundred dollars. If they hijacked my LJ, they could probably make me look pretty bad socially. But with the effort needed for either, the pay off just isn't that big. Now, someone like TheFerret, who's so well known her gets a mention in blog entries totally unrelated to him by people who don't even read his stuff -- he might want to be particularly careful about his security. The point is, you aren't important enough to put a lot of effort into, but if you have a weak password, it's not a lot of effort. No one's going to run a program for three months to hijack your account (unless you're the aforementioned TheFerret, maybe), but if they just have to run it for 5.2 seconds, it's trivial. The point is to make the payoff not worth the effort.

Profile

jackofallgeeks: (Default)
John Noble

August 2012

S M T W T F S
   12 34
567891011
12131415161718
19202122232425
262728293031 

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 26th, 2017 05:39 am
Powered by Dreamwidth Studios