Topic: Felger Sounds Off on Internet Insanity
Percy Member Posts: 22505 From: New Hampshire Joined: Member Rating: 4.9
PaulK writes: What's the password security like here, Percy?

I plan to improve the password security with the latest and greatest in 5.0, but right now we use the standard Unix crypt() utility program made available by PHP. There's no decryption algorithm for crypt(), but its passwords can be easily broken using programs that are widely available today. For this reason I put EvC Forum passwords through an extra little step that makes it more difficult for users of these programs. Passwords are of course stored in encrypted form. Even if the database is compromised and all the encrypted passwords stolen, hackers will still have a bit of work before them.

We had a break-in a few years ago that gave me a crash course in website and database security. We're much more secure than we were, but not as secure as we're going to be.

--Percy

Percy Member Posts: 22505 From: New Hampshire Joined: Member Rating: 4.9
I'm going to have to retract one thing:
Percy writes: There's no decryption algorithm for crypt(), but its passwords can be easily broken using programs that are widely available today.

Crypt uses DES (Data Encryption Standard). It was proven it could be broken over 20 years ago. But it apparently takes a great deal of effort and talent to write a DES-breaking program, and I could find none freely available on the Internet. I find this surprising. If anyone finds one let me know.

--Percy

Percy Member Posts: 22505 From: New Hampshire Joined: Member Rating: 4.9
NoNukes writes: and I could find none freely available on the Internet
Might be due to lack of current interest.

Then DES is secure again! Seriously, although some quarters mention the easy availability of such programs, when I actually tried to find one what I found was how incredible an effort it was back in the late 1990's to create demonstration programs, the first one including the use of hardware. From the Electronic Frontier Foundation's Cracking DES webpage:

quote:

Perhaps you have the option of upgrading from DES.

Oh, indubitably. As I mentioned in Message 80, security improvements are coming in 5.0.

--Percy
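An added example, not from the original thread or from EvC Forum's code: one way to move accounts from traditional DES crypt() hashes to PHP's password_hash() as users log in. It assumes stored values are plain 13-character DES crypt output (the forum's "extra little step" is not described in the thread and is not modelled); the $user array, the helper names and the sample passwords are constructed.

```php
<?php
// Added example: upgrade legacy DES crypt() hashes at login time.
// $user stands in for a database row; all names and values are constructed.

function is_legacy_des(string $stored): bool
{
    // Traditional DES crypt output: 13 characters from [./0-9A-Za-z],
    // with no '$' scheme prefix. The first 2 characters are the salt.
    return (bool) preg_match('#^[./0-9A-Za-z]{13}$#', $stored);
}

function verify_and_upgrade(array &$user, string $password): bool
{
    $stored = $user['hash'];

    if (is_legacy_des($stored)) {
        // crypt() takes the salt from the start of the stored hash;
        // hash_equals() compares in constant time.
        $ok = hash_equals($stored, crypt($password, $stored));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }

    // The plaintext is only available now, so this is the moment to
    // replace a legacy hash or one made with outdated parameters.
    if (is_legacy_des($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $user['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample account holding a legacy hash (salt "ab").
$user = ['name' => 'example_user', 'hash' => crypt('correct horse', 'ab')];

var_dump(is_legacy_des($user['hash']));               // legacy format before login
var_dump(verify_and_upgrade($user, 'wrong guess'));   // failed login changes nothing
var_dump(verify_and_upgrade($user, 'correct horse')); // good login triggers the upgrade
var_dump(is_legacy_des($user['hash']));               // format after the upgrade

// Traditional DES crypt reads only the first 8 characters of the password,
// so two passwords sharing that prefix produce the same legacy hash.
var_dump(hash_equals(crypt('correct horse', 'ab'), crypt('correct battery', 'ab')));
```

Accounts that never log in again keep their legacy hash, so a migration like this is usually paired with a cutoff date after which remaining legacy hashes are invalidated and those users go through a password reset.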
Percy Member Posts: 22505 From: New Hampshire Joined: Member Rating: 4.9
NoNukes writes: You are safe primarily because there is no value to be found in cracking the password system here.

People often use the same name and password at sites like this one as they do at other sites, like banks and stores and so forth, so the approach some hackers take is to attack the least secure sites in the hope they'll gain login information that can be used at other sites. The bank and medical websites I use have started detecting when you're using a new device or computer and put you through an additional level of security.

When the hackers broke in here back in 2010 they found an old text file from around 2003 that was tucked away in an innocuous subdirectory where I had evidently been doing some debugging, and then I never deleted it afterward. Before I caught up with them they had hacked the EvC Forum Skype account, where I was using the same name and password.

--Percy

Percy Member Posts: 22505 From: New Hampshire Joined: Member Rating: 4.9
Call to IRS refund assistance line during their regular business hours:
--Percy
Percy Member Posts: 22505 From: New Hampshire Joined: Member Rating: 4.9
David Pogue does entertaining TV shows on technology, was the technology columnist for the New York Times, and is currently a columnist for Yahoo and Scientific American. In his Technofiles column titled Dumb Design (sorry if that link doesn't work, sometimes Scientific American locks their stuff up pretty tight) of the April Issue of Scientific American Pogue summarizes a few of his complaints. Here are some excerpts with my comments.
Have you ever tried to cancel a service on a company's Web page? You look everywhere, but you just can't find the Cancel option. It's almost as though the company has hidden it on purpose.

Pogue is much more forgiving than me. While I accept that much bad design is not on purpose, the hiding of the "Cancel" option is not one of them. Amazon Prime used to hide it really well, not sure if that's still true. If you sign up for New York Times Premiere using their webpage, do you know where the "Cancel" option is? It doesn't exist. You have to call them, go through their voice menu system, wait on hold for a while, then explain that you'd like to cancel your Premiere subscription. "Can I ask why, sir?" Hey, my time is worth nothing, waste as much of it as you like.

To their credit, Netflix makes it really easy to cancel. And their user interface is excellent! Amazon should be ashamed.

A common way to get burned on the Internet is to sign up for a free offer with no charge as long as you cancel before the free period ends. Some companies are wonderful, sending you a nice email that the free period is about to end, along with a "Cancel" link. Other companies are not so good, so now before signing up for free offers I make sure I can find the "Cancel" option first. The last free offer I signed up for was Apple Music. It was bad when it was called Apple Beats, and it's still bad, so I'll cancel soon. There's a reminder in my calendar, including a note to myself about where the "Cancel" option is.

Apple Music reminds me that I should comment about Pandora. I use Pandora when I'm working, but I had to spend time on other issues for the past month and hadn't listened to Pandora in a while until yesterday. Maybe they've made an improvement, or maybe they changed an algorithm, but the channels now seem to be playing a more accurate *and* larger selection of music. Nice!
The mobile era makes the challenge even greater; it's especially difficult to cram a lot of features into limited screen space. Very true. I like a big screen and a normal keyboard, so I wait until I get home before checking stuff online. I don't feel the need to be constantly interconnected.
At the moment, millions of people, stymied by terrible software design, blame themselves. I must just be a dummy, they might mutter. I guess I'm some kind of Luddite. Pogue is describing exactly the attitude I opened this thread to combat. People, it is not your fault! These apps (or whatever) suck!
In fact, though, if a control doesn't work the way it should, or it isn't sitting where it ought to be, it may well be the designers' fault, not yours. Ya think?
But in other cases -- many, many other cases -- it seems clear that the creators of bad interface design just weren't thinking.

Sometimes designers *can* be blamed for bad designs, but we can't ignore that bad design is often not the fault of designers. Too often design projects are given too little time and too few resources. Over the years designers eventually become habituated to having only enough time and resources to do a bad job. It makes sense when you think about how often apps are updated. Constant change to keep up with incessantly changing demand is necessary and important and has to be done fast under great time and money constraints. Most software goes out the door with designers and coders crossing their fingers that all the stuff they know is bad or wrong or broken doesn't cause too many problems. Of course many companies have a ready solution for all the problems in their software: they make it near impossible to contact them and complain.

Pogue makes four specific suggestions for how design could be improved, but I found them either wishy-washy, too general, or vague, so I won't describe them. But I do see a disturbing trend, and that's the emergence of some user interface standardization. Standardization is great, very welcome, makes it easier to use a new app or website, but some standardization is as bad as the QWERTY keyboard. I'd hate to see some examples of poor interface design become standard.

By the way, this standardization isn't happening because of the good graces of the high-tech industry, at least in my opinion. It's happening because underneath the surface they're standardizing on software libraries like AngularJS and Bootstrap and others. User interfaces implemented using the same software libraries will tend to have a certain sameness of structure and behavior.

--Percy

Percy Member Posts: 22505 From: New Hampshire Joined: Member Rating: 4.9
My previous post mentioned that I had tried Apple Music, didn't like it, and was planning to cancel as the end of the free trial period approached. Well, I "cancelled" Apple Music, and it wasn't easy. What should have taken at most five minutes took an hour. Here's what happened. Things I think are buggy or wrong or absurd are in bold red.
Why didn't it work in Chrome? Who knows. Was it the popup blocker? The ad blocker? A bug? I don't know, I've wasted too much time on this already to afford the time to investigate, but here are my specific complaints:
The impetus for this post is that it was just announced at Tech Times that "Changes on Apple Music will include a major design overhaul." Geez, like it wasn't obvious that was needed back when Apple Music was called Apple Beats. In fact, this was just a marketing ploy. Apple Music was just Apple Beats with a few superficial changes. The article continues:
quote: If Apple Music is thriving then that is very hard to figure, though I will say it has one very nice feature: You can play any random song any time you like, and you can also build playlists (I assume of any length) from all songs from their library and your own. You can't do that with Pandora, I don't know about Spotify. The article goes on:
quote: My own opinion is that Apple should first focus on making Apple Music as good and bug-free as Pandora and Spotify. My music app use only takes advantage of the "station" feature. Apple Music stations will just go dead (refuse to play), stations can be seeded with only a single song or group, there's no up/down voting to hone your station, stations cannot be renamed, stations cannot be sorted by name or other criteria, and stations cannot be deleted (they just go to the end of the list). In short Apple Music reflects woefully insufficient attention to design and quality. --Percy
Percy Member Posts: 22505 From: New Hampshire Joined: Member Rating: 4.9
On your PC, go to your Facebook homepage. In the lower right is the chat box. Any dynamic menus that come up display *behind* the chat box. For example, click on your name to go to your own info page. Hovering your mouse over "More ▼" will raise a dynamic drop-down. Size your browser window so that "More ▼" is just above the chat box and when you hover over it the dynamic drop-down will be behind the chat box.

You can click on the top bar of the chat box to make it collapse into a little box at the bottom of the browser window, but this only makes it less likely the problem will affect you. The chat box cannot be made to completely disappear.

This happens because z-index for the chat box is set to 300, while for dynamic menus it is not set (which means "auto"), leaving it at the default level, the same as static content. As a positioned element it will always be displayed above static content, but below any layer with a defined z-index, including 0 (giving a layer no z-index is not the same as giving it a z-index of 0).

Good design requires z-index values with good separation. When unspecified with no defined value to inherit z-index will be displayed just above static content, so values for higher layers should be 10, 20, 30 or 100, 200, 300 and so forth. A z-index of "auto" for dynamic content is bad design because it makes it impossible to position new objects like the chat-box above some layers but below others. What Facebook really wants is for the chatbox to be above the static content but below dynamic drop-down menus.

This many years along fixing the initial bad design may not be easy. Glancing at their dynamic menu HTML I see they have many layers of HTML and many CSS classes. Figuring out where to make the CSS change for the dynamic menu's z-index could take some time. Of course, Facebook can afford to fix it, so why don't they? I have no idea. A quick Google reveals that Facebook has been having z-index issues for years.

--Percy

Edited by Percy, : Correct directions in first paragraph.
Copyright 2001-2023 by EvC Forum, All Rights Reserved
Version 4.2