New Home

Since the inception of this blog, it’s been hosted at WordPress.com. It was a logical choice for several reasons, predominantly because at the time I didn’t have a reliable web host and also because I wasn’t sure I would be able to commit to making regular updates.

As it turns out I’ve made a number of posts over the last four years and things I wanted to be able to do were being restricted by using a hosting service.

And so we have this new home: http://blog.i-al.net/. Much like the old one, but hosted by me. If it’s broken, blame me.

Security: We’re Doing It Wrong

Don’t worry, this won’t be a long post.

I have long been of the belief that we are going about password security all wrong, and XKCD have successfully visualized it. A few months ago I saw an excellent post somewhere (of course, now I can’t find it) about the basic methods used to crack passwords and how to derive a secure but memorable password that will defeat most of them for long enough between change cycles.

Basically it boils down to brute force, and dictionary attacks. There are also hybrids, but they are essentially combinations of the two. Social engineering, while valid, doesn’t really apply to this argument.

With a dictionary attack, a hacker or script kiddie will have a long list of words that may be commonly used for passwords that they will run through attempting to gain access. So if you use a word like “banana” or “elephant” as your password, it probably wouldn’t take long to be compromised.

With a brute force attack, a hacker or script kiddie will use a system that tries to guess your password by cycling through every possibility and hopes that he eventually lands the right one.

More common are hybrid systems which take words or phrases and use them as the core of a brute force attack, making the attack more intelligent, if you will.

The problem is that deriving a good secure password (as we’ve been taught is secure, at least) can result in a password that is difficult to remember. Personal anecdote time. A couple of companies I have worked for in the past had password systems in place that required a password at least 8 characters long, and that had upper and lowercase characters as well as at least one number. It also had to be changed every month, I believe, and it wasn’t possible to use any password that had been used in the last 12 months.

Most people will agree this is a good idea. Passwords should be regularly changed for various reasons, but having those kinds of requirements starts to become silly and LEADS to insecurity. I reached the point where I had to use an insecure password system (though I wouldn’t tell anyone what it actually was) just so that remembering it wouldn’t be an issue.

The other issue arises when someone needs 3 or 4 passwords to go about their daily business (I have 4, that I can think of that I use regularly) but there is no interconnection between the two. Even worse, there may be different requirements for technical or security reasons. “No numbers” or “cannot start with a number” are occasionally issues. This ultimately leads to people writing their passwords down, which is just not a good idea. Whether it’s in a file on your computer, a note in your notebook, or even worse a post-it taped to your desk, keyboard or even monitor, chances are good someone will find it and utilize it.

Simple rule: keep it simple, make it long, use some form of obscurity. Ideally find a password that will suit all the systems you use so you can keep it in sync, and find a way to juggle it around in a way you’ll remember every time that window pops up saying “your password will expire in 12 days, would you like to change it now? Yes, No”

Schedules

I’ve learned a few things over the last week or more (mostly more). I find organization to be easy in some areas, and difficult in others. My ability to stay on task can sometimes be hampered by my willingness to do things I probably shouldn’t be doing. For example, I’ve recently spent a lot of time (and gas) driving around the area looking for trains to either watch or take photos of. Not something that hurts anyone, but it’s not something I should be doing every day – it’s unproductive and it costs money that is better spent on other things. I’ve also been spending a lot of money on fast food, because a lack of planning means I don’t have time or motivation to stop at a grocery store and get something better for me, and definitely better for my budget.

So this week I’m trying something new. I’ve alotted time for the things I like doing, like trainspotting, and a little eating out, but also making sure that I’m spending my time at home productively, not needlessly wandering around the countryside because it’s what I felt like doing.

So here is roughly how my schedule works:

Monday is very much a domestic day. It’s the day I’ll be doing all my laundry, and after lunch I’ll be making a run to the store to get lunch and dinner supplies for the week (4.5 days)

Tuesday, Wednesday and Thursday are comprised similarly – I spend three hours in the morning working on “something” (this week it’s supposed to be the bookshelf that I stopped working on a few weeks ago for no real reason). Then I make lunch, Tuesday’s and Thursday’s I’ll walk Crash (Wednesday’s will be a cleanup day for either the green room or the bedroom), then I make/organize dinner and go to work.

Friday, assuming I’ve achieved all I set out to achieve during the week, is the day I get to go wandering. I doubt that I’ll go very far every week, but based on the assumption that I’m not going to Staunton or Elkton every day of the week, I can justify making a trip to Charlottesville or Roanoke on a Friday. I also have a few other places I’d like to try out, but it may be that I just take the day to work on things too.

Speaking of schedules, my work schedule is slightly different the next two weeks – to take the day off on Thursday (Thanksgiving) and still be able to make 70 hours for the fortnight, I’m electing to work 8 hours a day over 9 days, rather than 7 hours each over 10 days. Doing that will also mean I get to leave early next Friday, as usually ends up happening.

I’m still working out how I might get close to the 70 hours after Christmas/New Year in order to make up the entire week off for going to North Carolina, but that’s not quite so important.

I just got a message from my Google Calendar that it’s time to leave for work, but I just wanted to add in completely unrelated news, my wishlist has been revised for the 2010 Christmas year (I’ve already had a few questions about whether I was updating it for this year).

Coworkers Discovered Via Mutual Friends

So I was walking my dog yesterday afternoon, when I ran into a family friend. She asked how the job was going, and she asked if I knew a particular person (as I get from time to time – almost everyone in the county either works for Rosetta Stone or knows someone who does. At best it seems there is something like 3 degrees of separation for any person living in Rockingham County or Harrisonburg and employees of Rosetta Stone). It was a rare case where I remembered enough of the name to look them up on the internal directory, and ran across their blog.

I took a brief look at some of the posts and I’m already intrigued. I may spend some of my spare time (I get a lot of that at work, with reimaging and other things I have to wait for) going back through the archives. If you like computer stuff, take a look, but on the surface at least there seems to be something for just about everyone..

http://blog.aharbick.com/2010/11/build_assuming_a_paying_custom.html

Looking for a Christian chat server?

I’ve been using IRC since the late 90’s. Starting with ChristianCHAT.com (when they were still using IRC, and still based on WebNet), I moved to CCNet, then to ChristianWorld, then back again, and then it became a big blur as I discovered a large number of Christian IRC Chat servers. But that was over 10 years ago – the world of Christian IRC has changed several times since then, and the number of Christian Chat servers is in decline.

Especially with Christian-Chat.net closing their IRC server in the last month or so, the users have spread or just stopped chatting. This is my attempt to review as many of the Christian IRC servers I can find, as fairly as I can, although it is also entirely based on my experience as a more-experienced-than-average user. I also try to list the website, the IRC address, and the average number of users at peak. Peak time is usually considered to be weekends or evenings, ranging from about 7pm til 12am ET, and chatters may or may not be active outside of these times – this is just typically when things tend to become active. Lastly, if I’ve missed any – please let me know so I can check them out and add them to the list. I’d appreciate it, and I’m sure they wouldn’t mind the free advertising.

Let’s start with the one I am most biased towards, and then move on with the rest.

UCCN – the United Christian Chat Network. (irc.unitedchristianchat.net, irc.godsirc.com, irc.christian-irc.com, irc.i-al.net)

UCCN is the largest network in terms of servers and services. Using 3 client servers (4 if you count the IPv6 server), UCCN is almost entirely redundant, allowing for any one server to fail and still serve the users. The staff are nice, and the policy is for as much self-government by channels/rooms as possible. Average of around 25-30 real users at peak.

JesusFreak-IRC – the Jesus Freak IRC Network. (irc.jesusfreak-irc.com)

JFIRC is the server that seemed to pick up most of the CCNet users, and is run by former CCNet staff of various capacities. Undying (Jeremy) is the official owner, with Ducky hosting the network on his home server. At the time of writing, the server is unavailable due to hardware failure. JFIRC are a lot more like the old CCNet, using a closed channel registration model, and a much tighter level of control from the server staff. Averaged around 20-30 real users at peak.

RGC-Chat – the RGC Ministries server. (irc.rgc-chat.net)

I haven’t spent a lot of time at RGC’s server, although they seem like a nice enough group of people. Channel registration is also closed, requiring a request to be made for opening a new room. Average seems to be around 20 real users at peak.

aBlazeNet – the aBlaze Network. (irc.ablazenet.org, irc.ablazenet.net, irc.ablazenet.com)

I used to work as an IRC Administrator for aBlazeNet, back around 2003 or so. Not a whole lot has changed – still an open registration model, meaning anyone can register a new channel, and the staff are rather easygoing and don’t interfere with channels unless they need to. Average seems to be around 20-25 real users at peak.

SalvationsCornerSalvations Corner (irc.salvationscorner.net)

Once a hopping place, Salvations Corner is now one of the quietest and most desolate IRC servers I have seen in recent history. With 2 users, not much goes on. I’m sure they’d appreciate some new people! Average maybe 5 real users at peak.

CalvarysLoveCalvary’s Love (irc.calvaryslove.ca)

A while back, Colin (SeekHim) was an active member of the staff at UCCN. One day, some disagreements happened that apparently were unresolvable except by him leaving, and he elected to start his own IRC server. I took a brief look today, and he seems to be averaging the same number as he did those years back. Average maybe 5 real users at peak.

JROI Jesus Rocks on IRC (irc.jesusrocksonirc.net)

To be honest, this one I can’t give an unbiased review towards, because I have been a ban-on-sight user for as long as I can remember. This means I can’t be on the server for more than about 5 minutes before I am shunned (meaning I can’t do anything – noone will see what I say, I can’t join channels, etc), I am force-parted (meaning a staff member forces me to part any channels I’m in, so that it appears I voluntarily left), and then banned from the server. As far as the users see, I join, I say hi, I part, and don’t come back.

The funny part is, I’m not entirely sure why. I endeavored to find out once, and was told (via a third party) about some event where I tried to steal the server. I vaguely recall the event in question, although my recollection appears to be completely different to GadFires (the owner of JROI). I would be happy to discuss this with him, except he refused to respond to any of the attempts I made to talk to him about it.This would also surprise me, except that his reputation precedes him as being a kick/kill/ban first, ignore questions later kind of admin.

As I recall, from the few times I was able to evade bans long enough to actually chat, the users are all rather nice. The staff aren’t always technically literate, but they are very friendly and somewhat happy to chat. They are a younger group, most of them are teenagers, so this should be taken into consideration also. According to SearchIRC’s listing of JROI, they have around 50-60 users. Taking into account services, this has a reasonable average of around 40-50 real users at peak.

Why Are We So Quick?

Matthew 7

Judging Others

1“Do not judge, or you too will be judged. 2For in the same way you judge others, you will be judged, and with the measure you use, it will be measured to you.3“Why do you look at the speck of sawdust in your brother’s eye and pay no attention to the plank in your own eye? 4How can you say to your brother, ‘Let me take the speck out of your eye,’ when all the time there is a plank in your own eye? 5You hypocrite, first take the plank out of your own eye, and then you will see clearly to remove the speck from your brother’s eye.

Why are we so quick to tell people how to fix their problems without being fully aware of, or even considering, their circumstances?

A number of times recently I’ve noticed either myself or others commenting about lack of money, and someone else will be very quick to respond (because it is online) along the lines of “Well, you have an internet connection, surely that is one way you could save money!”

Three situations spring to mind where while money may be tight, cutting the internet would not be of any benefit. The first is of a work-at-home person who uses their home phone and internet connection for work. This is a great idea in my opinion, it saves gas, and if you can motivate yourself to get up in the morning (or whenever you need to work) to do your job at home with no-one watching over your shoulder or cubicle wall ensuring you’re on task, go for it.

The other is my current situation. The internet bill is not addressed to me, nor do I pay it. I use the internet connection in this house with permission (IE: I’m not stealing the neighbors), but this house is also not mine.

The third also applies to me, but more directly to others. A large number of employers are only accessible online. That is, you need an internet connection and an email address to communicate with them in order to have much of a chance at getting a job to fix your impending financial woes.

So, dear people of earth, just because someone has a problem, doesn’t mean you should fix it without asking them some further questions. Maybe your hastily and rudely given practical solution isn’t so practical after all.

The Chicken and The Egg

To quote Chicken Run:

Nick: Here’s a thought. Why don’t we get an egg and start our own chicken farm? That way we’d have all the eggs we could eat.
Fetcher: Right. We’ll need a chicken, then.
Nick: No… no, we’ll need an egg. You have the egg first, that’s where you get the chicken from.
Fetcher: No, that’s cobblers. If you don’t have a chicken, where are you going to get the egg?
Nick: From the chicken that comes from the egg.
Fetcher: Yeah, but you have to have an egg to have a chicken.
Nick: Yeah, but you’ve got to get the chicken first to get the egg, and then you get the egg… to get the chicken out of…
Fetcher: Hang on, let’s go over this again.

Once again, I have a predicament. I came to a small realization today, and that is I have no formal qualifications or certifications in IT, and while I am getting interviews with my current skill-set and experience, I still come out underneath in terms of finding a position to utilize them in.

So I was looking around at A+ and wondering what it would take to become certified. I found a couple of “free” online tests that would allow me to see if I could (in theory) pass the exams. Turns out that with a little training it wouldn’t be all that hard. The reason I say “free” is because it asked me for contact information, and I knew as soon as I clicked “submit” that I’d get a marketing call asking if I’m interested. Turns out I am! But once again we have a chicken-egg scenario.

The organization in question have a (limited time) offer whereby if I am unemployed they can take off 40% of the cost of the program, taking it from $1000 down to $601 (so.. 39.9%?). They also offer the possibility of an interest-free and non-credit-checked payment plan, and have testimonials of specific people who got jobs within a few days of signing up to take the class (simply based on the prospect that they would have the certification within X days).

Once again my problem is having a job with which to fund such a proposition, and requiring the certification that it would provide in order to land said job.

Clearly I need to sit down and reanalyze our options, and maybe drive up to food lion or something for an application there. I just feel bad (and worried in terms of resume) about holding short-term jobs while trying to get “the big one.” At the same time, I can’t just sit around doing nothing while waiting for it either.

Update on the Job Front

To those of you who have been praying for Kelly and I with my job search, thank you! I have an update and an addition to this request, but it requires a little background so bear with me!

I live near Harrisonburg in Virginia, about 100 miles from DC via Interstates. In November I interviewed for a job near Dulles in the DC Metro Area and was offered it but I turned it down because a) at the time I had a part time job, b) it was working 5pm-1am and c) it was paying $36k/yr maximum. C wasn’t so bad, but B was the big killer, as I’m married and my wife works 9:30-6 and we would never see each other except on weekends.

On Friday I got signed up with a staffing agency and did a days work (one day assignment) yesterday, but future assignments aren’t incredibly hopeful based on the number of people they need to assign work to and the amount of work their clients have.

Today I talked with a lady who goes to my church who tipped me off about 2 positions with an insurance company and was also going to make calls to the Sheriffs office and the Courts (she’s worked for them before and knows people) to see if they have a need for an IT worker.

I also got an email from the company in Northern Virginia to say they had another opening from 7am-3pm, this time offering a $36k base salary with up to $6k in bonuses.

This seems, on the surface, like a no-brainer, except that for it to work several things need to fall into place, and this is what I’m asking for prayer for.

If this is what I am meant to do and where I am supposed to be, I am going to need to either get a car loan and find a car (not likely to happen because I have $0 for deposit and fairly bad credit), or find someone willing to lend me a car for a month until the first pay check comes in and my wife and I can sort our financial life out. I’m also going to need to find a room in Northern Virginia within 15 minutes or so of Dulles for when I am on call around one week a month, and again we have $0.

It is a rather bleak outlook at this point, but I believe that if this is the door that God is opening then the means to pass through it will also be shown to us shortly, and that if this is not the way then the door will be closed and I’ll continue down the hallway of life looking for the next door that is wide open (or slightly ajar..)

A Week Of Lists: Wednesday – CDs and Games (and such) I want

I feel selfish this week, but I don’t really care! (Oh, how selfish of me..)

This week is a lot about me voicing my personal planning ideas about financial decisions in the next 12 months (based on how these unimportant things fit in the overall budget along with equally unimportant things Kelly wants) if possible.

Today is focusing on a broader range, encompassing computer games and music.

I’m probably going to migrate more to digital download music than CDs, but there is something comforting in owning a solid piece of plastic and the box for it to live in.

Anyway, in no particular blah blah blah…

Games:

  • Battlefield 2142
  • Call of Duty
  • Halo
  • Battlefield 1943
  • Modern Warfare
  • Modern Warfare 2

Music:

  • Some Gatecrasher
  • Parachute Band (Old and new!)
  • Rapture Ruckus
  • Hillsong United
  • Planetshakers

Spawning in the Game

Someone should write a song entitled “Spawning in the Game” to the tune of “Singing in the Rain.” Maybe it’s too cheesy? Maybe not.

I’ve been playing BF2 for a couple of days now, since re-discovering the game (I was bored with Command and Conquer with myself, wanted to find some new people to socialize with online). I’ve mostly been playing with the guys at ISI, the Iron Sharpens Iron Christian Clan.

I’m still looking for people to LAN with, and possibly some games to buy when funds become available for such, so if you’re a PC gamer who plays BF1942, BF:V, BF2, and live in the Augusta/Rockingham/Shenandoah county areas of Virginia (or know someone who does!), maybe you should drop me a comment!