Disk space is abundant and cheap. These days, you can get a 2 TB hard drive for under $100 from Newegg. I remember one of my first work computers, about 10 years ago, that came with a whopping 2 GB of storage. Those days are long gone. With the move to solid state drives, though, storage space is getting smaller, at least on a single solid state drive. My MacBook Air has a 128 GB drive, which would have felt humongous even a few years ago, but now feels small compared to my Windows 7 machine.
With all of the crazy outages and hacking going on in the digital world over the past week or two, the fact that LastPass has an issue (as of May 3rd), probably shouldn’t come as a surprise. Still, it is a bit of a shock to the system to be reminded that the “last password you’ll have to remember” is potentially as vulnerable as any other. Before panic sets in among LastPass users (of which I am one), know that the company is on it, and that those with strong, non-dictionary based passwords should be fine in any case. LastPass also admits that they may even be overreacting, but prefer to err on the side of caution when it comes to keeping your data safe — a policy that I am 100% behind.
Without getting into the technical aspects behind it all, what basically happened is that LastPass discovered at least two network traffic anomalies in their systems that they couldn’t explain. One occurred in a “non-critical machine” and the other came from one of their databases. The second matched with the first and involved information exiting the LastPass environment. The company reported in their blog post that the outgoing amount of data was large enough to have contained email addresses, password hashes, and “server salt,” but not enough to have “pulled many users’ encrypted data blobs.”
While LastPass doesn’t feel that the issue is a large one, they recognize the potential for brute force hacking on the passwords of any users that may have been compromised. This is most likely to affect those who have a master password that is lacking in strength and/or dictionary-based, which is still incredibly common, even today. To protect the integrity of their systems, and their users’ data, LastPass is requiring all users to change their master password. They are also looking for email validation from you if you happen to be logging in from an IP address that is outside your usual set. This is an added security measure, just in case your password does get compromised before it is changed.
Don’t rush off and change your password right away, however. The sheer volume of password change requests is slowing down LastPass as a whole, which is causing server connectivity problems across the board. The company has beefed up the email verification protection as a result, and are confident that there should be little risk in waiting a day or two before changing your master password. You will have to do it eventually, however.
When you do change your password, strength should be your primary focus — but there is no reason you have to put together something that is impossible for you to remember. That may seem a bold statement, considering that strong passwords need to have combinations of numbers, symbols, and both uppercase and lowercase letters — and should avoid dictionary words — but a great post by Gina Trapani (Lifehacker) back in 2006 essentially solves that problem.
Gina advises that you use a single rule set as the basis for all of your passwords. You start with a base password that you create from something like a favourite acronym, letter/number combination, or nonsense word that you will never forget. Pad that with some symbols for extra safety, if you want, and store it somewhere offline, just in case you forget it. Once the base of the password is set, the rest comes as a result of the service you are signing up for.
For example, you could set your base password using your initials (including middle) or even your favourite pet’s initials, combined with your favourite number. In this case, you are the proud owner of Fluffy Cattington, and have a love for the number 86. Your base password could be something like FC86, or FfyCt86, etc. Add a few things to that for extra strength and you could have this: &*FfyCt86!, or #(FC86)^^. Already, we are well on our way to a secure password.
The next step is to add a standard code for the service you are using. Initials or the first few letters of the service name are good here as well. If this were to be your LastPass master password, for example, you could have something like this: &*FfyCt86!LP, or #(FC86)^^Las. Just try to make sure your password is at least eight characters long and that you are using numbers and letters. Using symbols and uppercase/lowercase letters is even better, but not all services will allow this in their passwords, so you may have to adjust for that. LastPass does, so no worries there.
Check out the Lifehacker post for even more ideas on how to choose your base password.
If you are interested in alternatives to LastPass, check out Evan’s post on eWallet vs Keypass vs LastPass. I like LastPass, though, and am pleased by the lengths they go through to protect their service and users. Evan also makes a great case for LastPass here.
What are your thoughts on choosing and remembering strong passwords?
We’ve covered Feedly before (and we thought it was great!) but the RSS feed reader to smack all others is now much-improved. The web app has seen several updates in functionality and sharing features, and the recently released and updated mobile apps have been generating a lot of positive attention. And why not? The experience is nearly identical on both iOS and Android phones and tablets, and Feedly Mobile 2.0 easily competes with the likes of Pulse, Flipboard, and Zite. With an update or two, it might even blow those apps away completely.
Feedly’s minimalist magazine design focuses on the content, presenting it in an easy to read format that is complemented by the app’s simplistic navigation. The mobile apps are especially barebones, keeping the effects to a minimum, and the overall presentation is extremely appealing. The toolbar on the bottom of the screen allows you to like (on Google Reader), bookmark, email, and share articles on Twitter. You can also enable saving to Instapaper and Read It Later. The web app has several more options for sharing content, but the basics are available in Feedly Mobile 2.0, with the exception of one service: Facebook. That seemed like a bit of an oversight to me (and that’s me understating the obvious), but the developers assure us that Facebook functionality will be available in version 3.
One of the best things about Feedly is its learning algorithm. While you read, the app learns about the topics that interest you most, and does a great job configuring your personal magazine around those interests, bringing your favourite types of content to the forefront. You can always go through your sources one at a time, if you like, but taking advantage of Feedly’s different sections — each one tailored just for you — really helps to keep your reading moving and you engaged. Feedly also offers suggestions, periodically, of other sites that may suit your interests, which is helpful.
If you don’t feel like connecting with Google Reader, Feedly does have a host of content already available for you to sort through, but it works best when you are logged in.
Feedly Mobile 2.0 is every bit as fantastic as the web app. It’s incredibly responsive, and is beautiful to look at on all platforms, including iPhones and Android phones, the iPad, and Android tablets of different sizes (both 7″ and 10″). There are a few niceties packed into the HTML5 goodness, as well, such as an instant search bar, a black or white theme (which helps with night reading and can be changed with a shake), a history section, and the ability to start on the magazine layout or category of your choice. There are still a few kinks that need to be ironed out of the mobile apps, however, such as the lack of Facebook sharing, and that the app only works in portrait mode. Hopefully these issues will be resolved in an update or two. I’d also like to see some of the additional sharing options in the web app find their way to mobile as well, especially sharing on LinkedIn and Evernote.
Feedly is free, and it kicks butt. Get it.
Now you know I love it — what about you?
What a week for the cloud. On April 19, Sony took down the PlayStation Network in the face of hacker attacks that compromised the network. Two days later, large portions of Amazon Web Services crashed and burned, due to technical glitches. Amazon has since recovered, but the PlayStation Network is still offline. Much has been reported about the effect of the Amazon outage on major sites like Quora, reddit, and Foursquare. But many “ordinary” bloggers use Amazon services as well. How did it affect them? We spoke to a blogger whose sites were taken offline by the outage, and learned a few things.
One of the Most Beautiful Things Humankind Has Ever Made-and I’m Not Talking About the Phone [video]
This is one of the coolest things I have ever seen. In my life. Seriously. And oddly enough, it’s for a smartphone commercial — the Sharp SH-08C Touch Wood. Picture this, if you will: a quiet day in a beautiful forest, the occasional deer, and a small stream chattering as it flows by on its merry way. Doesn’t that just scream relaxation? Now imagine yourself breathing in that fresh air, drinking in that view — and listening to the sounds of Bach’s Jesu, Joy of Man’s Desiring (Herz und Mund und Tat und Leben, BWV 147) as it tinkles through the air. You look around, wondering where the music is coming from, and see a long, angled construction between the trees. It’s made of wood, is kind of pretty in its own right, and it’s singing out the notes of the 10th movement as a little wooden ball rolls ever downward, toward the waiting ground.
You can’t tell me that you don’t think that’s cool!
The gravity marimba, as it’s called, is a masterful feat of engineering. So much so, in fact, that a part of me still thinks it might be computer graphics — but from all reports, it’s real. Each time the little wooden ball hits one of the wooden slats, a note sounds. Each wooden slat is just long enough, and angled in just the right way to provide the proper rhythm; slowing down or speeding up as needed. The sustained notes are an added treat — very cleverly done. The math that must have been required to create this thing boggles my regular, writing-loving mind!
My just-about-three-year-old daughter and I were enthralled by this video — we watched it four times in a row — and like I said, probably one of the neatest things I’ve ever come across, online or off. These things should be built everywhere. The phone that I mentioned doesn’t come up until the end of the commercial, and is in itself an interesting attempt to marry technology with nature. It appears to have a wooden back, for example.
Watch the video! Absorb it. It just might make your weekend! :D