Friday, September 21, 2007

Wednesday, September 19, 2007

I'm not into PwdHash

After reading Bob Lee's endorsement of PwdHash, I decided to give it a run. After a two-week trial period I've decided to no longer use it.

I think it's got a lot of potential, but I don't think it's for me, and the process seems to have some flaws. Here are my three main gripes about the supposedly improved support:
  1. I am supposed to trust that F2 translates my password. The only visual cue that my password is being translated is by watching the asterisks that represent characters in the password text box. See, the hashed password has (seems to have) more characters than the unencrypted password you supply. PwdHash replaces your password with the hashed one when you navigate out of the text box, and so, when you leave, you should see the number of asterisks grow. What if I failed to notice the asterisks change? It's possible that PwdHash could address this with a better user interface: one that displays a hovering window, perhaps.
  2. It lulls you into thinking you can use the same password on multiple sites. If I were to accidentally type my password unencrypted, it's easy to log in to my other services. This brings up my third beef:
  3. I would feel more comfortable if PwdHash let me contribute a third key to the algorithm that creates all passwords. Now, even if I accidentally forget to press F2 before entering my password, there's less of a chance that someone can get to other services. In that way, I can individualize the tool in such a way that it's mine. If someone else knows how PwdHash translates 'password' for, they can find out how my password is similarly translated. I could get through this problem by making my common unencrypted password 'password_nnnnn', where nnnnn is this third key I talk about, but to do this I'm forced to make nnnnn something memorable.
Now I admit to oversimplifying the problem to some degree, but the fact is, it just doesn't make me comfortable. I'd just prefer to eliminate the risk that a mistake on my part results in changing my password everywhere.
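Gripes 2 and 3 above, as an added sketch that is not part of the original post and is not PwdHash's actual algorithm or output encoding: a per-site password derived only from the master password and the domain can be recomputed by anyone who sees the master password typed in the clear, while mixing in a per-user secret breaks that. The HMAC-SHA256 construction, the function names and the sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac


def site_password(master, domain, personal_key=b"", length=16):
    """Derive a per-site password from a master password and a domain.

    Stand-in construction (HMAC-SHA256), not PwdHash's real algorithm.
    personal_key is the hypothetical per-user "third key" from gripe 3.
    """
    key = master.encode()
    if personal_key:
        # Mix the user's secret in first, so the typed master password
        # and the domain alone no longer determine the output.
        key = hmac.new(personal_key, key, hashlib.sha256).digest()
    digest = hmac.new(key, domain.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest)[:length].decode()


def leaked_master_unlocks(master, domain, real_site_password):
    """True if someone holding only the typed master password and the
    public algorithm can reproduce the password stored at `domain`."""
    guess = site_password(master, domain)  # no personal key available
    return hmac.compare_digest(guess, real_site_password)


if __name__ == "__main__":
    master = "correct horse"             # constructed sample value
    personal = b"k3y-stored-in-plugin"   # constructed sample value
    for domain in ("mail.example", "bank.example"):
        plain = site_password(master, domain)
        keyed = site_password(master, domain, personal)
        print(domain,
              "no key:", leaked_master_unlocks(master, domain, plain),
              "with key:", leaked_master_unlocks(master, domain, keyed))
```

The personal key only helps if it lives somewhere other than the password box, for example in the plugin's settings, so that it is not typed alongside the master password.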

Tuesday, September 18, 2007

I miss Perl

Sometimes I get jealous when I read about dynamic programming, such as while reading this article by Neal Ford. I just wish I could feel that large applications could scale as well.

Don't get me wrong, I really miss coding in Perl, which resulted in code that more closely mapped to my thoughts. *sigh*.

Friday, September 14, 2007

Google Collections Library Released!

If you are programming in Java 5.0, I strongly encourage you to take a look at the Google Collections Library. I'm really impressed at the amount of work that went into crafting this library.

This project would not have been the least bit possible without Kevin Bourrillion's hard work. Creating this massive library was his idea, and he managed to get several dozen engineers to contribute features, code reviews and tests. Kevin is also partly responsible for Google Guice.

I'm not going to bother going into any details about specific library features; I think Jesse Wilson is doing a fine enough job at that with his gentle introduction. I'm already drafting some posts to go on his blog.