View allAll Photos Tagged passwords
[Comic of Robot and Bunny playing in fall leaves]
Robot: You know what, Bunny? October is one of my favorite months. Autumn leaves hot cider, and National Cyber Security Awareness Month!
Cyber security affects each of us, and October gives me a reason to share simple steps for keeping systems and data secure.
What's my #1 tip? Can I give 2? Never share passwords with anyone, and pick strong passwords that aren't easy to guess.
-----------------
Learn more about strong passwords at ocio.osu.edu/passwords
How to secure SSH login with one-time passwords on Linux
If you would like to use this photo, be sure to place a proper attribution linking to xmodulo.com
In an odd twist, each child needs to have their own password. This is a challenge for users who do not know the alphabet yet or who do not know where the letters are on the keyboard. Hanalei (age 4) was very frustrated trying to access the XO tablet by herself
The first hands on review of the XO Tablet from One Laptop Per Child that sold out at Walmart and is now available on Amazon: goo.gl/x02En5
Wundrbar is the next generation of search (YC Winter (08)
"... Wundrbar is the next generation of search ..."
lost me at "enter your twitter username & password". certainly don't need to do this with google, icerocket, yahoo, altavista.
Some time later
"... what exactly do you mean - why does that lose you? because it's asking for personal information? ..."
Hi ngrandy. Pretty much. Here's why:
- To extract information from twitter doesn't require my username + password
- Third party sites that extract usernames + passwd information expose "users" to unnecessary risk of exposing their login details
- From a development point of view using the API is not necessary if you balance the risks of user details compared to product features
The reason I bring this particular point up is that I think this product is very useful & dearly would love it to succeed. But the first time I use a suggested example (eg: 'twitter bootload today') I'm required to sign over my account details. Why? You can get my latest information via RSS without having to get twitter account details.
As a new company you have to listen to what users want and balance what you can offer them and what they need. In effect weighing up the risks of giving them power at the expense of exposing them to harm. For me the risk of handing over my details to simply search for them is not worth it. FriendFeed appears to achieve this balance using RSS, why not other companies? Some observations:
- no SSL evident on twit account gathering (that I can see) so that username + passwd is plain-text
- are twitter account details stored on a third party machine (how is it encrypted?)
- how secure are the details being sent by third parties?
I've looked at the current twitter best practice on third-party sites asking users for personal details for authentication. The result is it appears twitter does not endorse this approach and as far as I can tell until OAuth is offered [0] there is no real secure way. So why offer it? So I'll go one step further and get an official twitter response to the best practice for third party developers using the twitter API and user account info. You can follow here [1].
My twitter account is my personal information channel akin to my phone account. I don't hand it over to anyone easily. Asking these types of questions about user details & security is making a personal statement about yourself.
Soon after ...
"...
hey bootload, thanks for your detailed response. you raise a lot of good points. we've definitely spent a lot of time thinking about these issues.
first, you're right that just extracting info from twitter doesn't require username and password. our initial twitter interface is an update though, which does require authentication.
- we do use SSL for all usernames / passwords that are submitted, though we should make that clear, b/c right now we don't give an indication.
- because twitter does not offer token-based authentication, and because we do not currently want to store passwords, we are actually submitting to twitter via the web interface; that means we submit the u+p just once, and then we hold onto a cookie, but not the u+p. when we login to twitter on your behalf, it is via https.
- one goal in the near / mid term is to give users a choice about the combination of privacy / convenience that they want. right now we have opted on the side of privacy, since we're not storing usernames and passwords. but some users have told us they would like wundrbar to basically act as a password manager, so we'll be building in that option.
- i hope twitter (and other sites) implement open auth soon, because i know there are alot of users who will be more comfortable using wundrbar through that authentication mechanism. ...
hey ngrandy, sorry for the delay in getting back to you and thanks for
explaining your setup. It reads like a well considered approach.
I've not got any feedback on the best practice for twitter on usernames & password access of the API. What prompted my reaction was the combination of an article from Ev Williams warning (still looking for it) of third party sites (not every 3rd party site) requesting twitter details. And the fact that for a quick search I wanted to do on twitter posts of mine - just to see if it would work. That extra login was a enough to enrage the inner "epileptic".
So consider the response from a "user perspective" not a developer response. I've seen other ways of integrating twitter posts using RSS (Friendfeed for isntance) but having used your site I now realise this approach will only serve a portion of what you want to do. You are caught in a hard place here.
Why?
You are building what users want - access to their data. But in this case the only way to get that access is to use the third party API's that are by nature insecure if poorly executed. It only takes someone elses site for this to happen and a quick post from sites like Twitter to ruin this approach. User fear may be baseless, but the perception sticks. A true catch-22 situation. I know which path I'd choose if I would do if I was in the same situation (your approach) If OAuth was set up with twitter you could avoid all this speculation. But you can't wait for other companies to do this. Guess that's the price of trail-blazing. The choice you mention for service sign-up sounds like a pretty good compromise.
Reference
[0] groups.google.com/group/twitter-development-talk/browse_t...
[1] getsatisfaction.com/people/bootload
next >>>
The PWJDM Rear Wiper Delete is more than just another simple basic product… for something simple and basic, you can go buy a rubber hole plug… that will probably fall off some day, or get taken by a punk ass too cheap to be honest. Like all the other PWJDM products, this product is also one that’s well thought out, well engineered, well manufactured, and well received… as well.
Being designed, engineered and manufactured entirely in-house here at HQ-PWJDM… is how we can make a better product than anybody else in the game. Like I said earlier… this is more than just a wiper plug. For such a small piece to have hardware, an optional O-ring seal and a backing cup for installation is beyond what most company would want to do for a product like this… we had some free time, and decided to make a product we all wanted to make… that seems to be the deciding factor on what gets made around here as of late.
This item is self explanatory… it cleans up the exterior of your car… why Honda would put a rear window wiper, and give us crank handles for side windows was beyond me… but now, you can actually remove the rear wiper and have that fresh clean look with the PWJDM Rear Wiper Delete.
In case someone has the balls to or is stupid enough to ask what this will do for you… peek at your cards once, hold a straight face, push all-in and tell them that the PWJDM Rear Wiper Delete is good for an additional 5HP and a slut or two down the ¼ mile. The punk ass will fold every single time.
Come and buy one now… available in all the usual cool colors PWJDM offers… except pink.
The V.2 Rear Wiper Delete Kit will generally fit wiper arms that originate from the glass hatch such as
- 90-01 Integra
- 02-05 Civic Si
- 02-06 RSX
*NOTE WILL NOT FIT 92-95 CIVIC HATCHBACK!!
Instructions:
Remove the rear panel to access the rear wiper motor.
Remove rear wiper arm.
Remove rear wiper motor.
Clean area around exposed opening.
Install 6mm set screw into the PWJDM Rear Wiper Delete.
Test fit the PWJDM Rear Wiper Delete and align the nugget to the notch.
(you can use the supplied O-ring or use a sealant)
Decide if you want to use the supplied O-ring or just install it without the O-ring for a flusher look. *
Insert backing cup, install the nut, and tighten.
Go chase some hoes when you’re done.
*You can mount this with the optional O-ring seal included or you can mount it without the O-ring seal for a flusher look and use a sealant on the back side.
Credit www.shopcatalog.com with an active link required.
Image is free for usage on websites (even websites with ads) if you credit www.shopcatalog.com with an active link.
How to reset the password in an LXC container
If you would like to use this photo, be sure to place a proper attribution linking to Ask Xmodulo
Windows login password for computer is used to keep personal information private and we are always create some administrator or user accounts on Windows 7/Vista/XP PC and also domain admin or AD accounts on Windows Server 2000/2003(R2)/2008(R2). It will be a big besetment when you lost windows passwords of those accounts. However, with some easily windows password hacker ways, it is possible to re-access your Windows system with no damage of the data.