In the new, digital economy, security is becoming more and more important. Online accounts are available everywhere. Your data needs to be safe. Security engineers have been paying a lot of attention to online security lately. Here are some trends in online security that are making the Internet a safer place.

1. Security Keys

Multi-factor authentication, or a way of using MORE than a username and password to prove your identity, is making serious advances.

Security keys are one popular multi-factor method of securing online accounts. Basically, you’re issued a device that contains a unique code generation algorithm. On the keychain-sized device, a 6-digit code changes every 30 seconds. The algorithm is shared between your device and the server that you’ll be authenticating with, so the server can generate the number, too. When the time comes to login, both ends of the transaction are able to generate THE SAME NUMBER and authenticate.

Currently, eBay/PayPal is mass-marketing these security devices. You can secure (not that it already isn’t) your account for a one-time fee of $5.00 USD. After your account is secured, it needs a username a password AND 6 digits that change every 30 seconds.  Unfortunately, this is ONLY available in the United States, Germany, and Australia.

PayPal.com

2. Key-Based Authentication

Another advance in the identity-proving arena is key-based authentication. Rather than a username and password, a user has a login key that contains a unique set of information–unique only to the visitor.

The authenticating server is equipped with a public-safe variant of that private key giving the user the digital equivalent of a padlock/key system. When a connection is initiated with a server, your computer encrypts your key in a securely-encrypted tunnel, sends it to the server where it is then decrypted (if you added a password) and matched against the key file (padlock). If successful, you are securely authenticated to the service. Essentially, rather than a short password that you have to type in, you have a long (1024 bits isn’t out-of-the-ordinary) password file that takes the password’s place.

Public implementations of this are still in the works; however, SSH has been using it for a long time now.

Learn more: http://www.laubenheimer.net/ssh-keys.shtml
Secure Shell on Wikipedia

3. OpenID

Attempts at central online identity management have been attempted in the past, but many experts say that OpenID is the best, most efficient and most flexible unified sign on system to bless the internet so far.

Logging in with OpenID couldn’t be easier. Rather than a username/password prompt, you’re asked to provide your OpenID identity URL. This URL can be anywhere. AOL, WordPress, and many other websites host your login identities as OpenID identities. In emails I have exchanged with Facebook, I know that they, too, are working to become an OpenID provider.

After entering your OpenID identity URL, you’ll be sent to your OpenID provider (eg: AOL) to verify your identity. It is up to the particular provider to determine the challenges that grant you access to your account. Verisign Labs, who licensed the PayPal Security Key, is providing OpenID solutions WITH your PayPal security key.  Most challenge with a simple username and password.

More information here: http://openid.net/
VeriSign PIP: http://pip.verisignlabs.com

4. Ambiguous Password Failure

When programming an authentication system, care must be taken to not reveal the underpinnings of the system and its structure.

Many websites will reveal the existence of an account to a potentially malicious user by saying “incorrect password.” The problem exists that with that type of verification, a malicious user knows that an account exists under the requested name and can proceed to breaking in with a brute-force or dictionary attack.

Now, many websites are just saying that the username/password is incorrect. Not only does this foil malicious cracker logins, but it causes the user to reassess his or her login credentials.

Conclusion

If you’ve seen good online security practices in the wild, let the world know in the comments area.

Even though I prefer to use Linux, I use Windows for one big reason. Even though this juggernaut operating system sucks, there are still plenty of open-source programs to soften the blow. All of these programs are free as in beer, and free as in speech. Enjoy!

1. Launchy

Launchy is the free and open-source program launcher that takes its cue from Quicksilver for the Mac.  Summon Launchy with a configurable keystroke, type enough for Launchy to determine what you’re trying to launch and hit enter!  Launchy will open whatever you typed.  In the picture, Launchy knows that I want to launch Mozilla Firefox.

License: GPL
launchy.net

2. Print Flush

If you hate the way that Windows handles print queue management, you need Print Flush!  Print Flush takes all of the steps involved in emancipating a stuck printer queue and puts them at a double click.  It’s easy enough for your Grandma to use, and I just GPL’d it–loosely.  I didn’t include the GPL license because that would have more-than-doubled the size of the download!  Print Flush is designed to be lean and mean.

License: GPLv3
bradkovach.com to learn more or download now

3. TrueCrypt

I hesitated to put TrueCrypt on the list, but decided to do so because it has one very strong focus: user security.  TrueCrypt is the most robust file encryption system in the world.  TrueCrypt combines open-source and military-strength in a very beautiful, cross-platform solution.  It has support for keyfiles, hidden volumes (which are too cool to explain), and–did I mention that it’s cross-platform?

License: TrueCrypt Collective License
truecrypt.org

4. Pidgin

Instant messengers rejoice!  Pidgin provides open-source instant messaging built on the open-source libpurple.  Supports ANY messenger platform you can think of (except Facebook Chat–but I’m sure it’s coming).

License: GPLv2
pidgin.im

5. WinSCP

WinSCP provides open-source, high-security file transfers using a variety of transfer protocols: SCP, SFTP, and the less-secure FTP.  WinSCP is very stable, very robust, and very easy to use.  Supports SSH keys for extremely secure authentication.

License: GPL
winscp.net

Honorable mentions

I’m including these programs because they are good, but their licenses are somewhat restrictive or they’re not appealing to a massive audience.

1. RSSOwl is a great RSS reader.  It is built on Java, so it is cross-platform.  I happily use it.  It is licensed under the Eclipse Public License which is a business friendly free software license.
2. Notepad++ is a free, open-source file editor.  It features syntax highlighting features for dozens of languages, a tabbed interface, and a powerful find and replace system.  It is licensed under the GPL (good for you!) but it’s rather intimidating to the casual user, which is why it is an honorable mention.
3. Mozilla Firefox is the poster-child for the open-source movement.  Unfortunately, although it claims to be GPL licensed, it is licensed under the MPL or Mozilla Public License.  MPL isn’t GPL compatible, which means that Mozilla Firefox isn’t GPL compliant.  Also, users are subject to the Mozilla EULA, which is a corporate end user license agreement.  That is semi-restrictive–therefore: honorable mention. * See corrections

Corrections

Apparently, with Mozilla Firefox’s source, you get to pick the license you operate under.

Most of the source code in mozilla, including the firefox bits are tri-licensed under the MPL/GPL/LGPL, meaning you pick which license you want to use the source as. It’s not a smelly ExtJs situation. You want it to be GPL, it’s GPL.

- according to itsnotlupus and eurleif from reddit

Sorry everyone, but it’s late! I do, however, have the Calculus Test (final) 4 note card done.

Click the card or click here to download.

Julie Approved!

29 agents made their way to Thriftway on April 1st, 2008 to stun the town by freezing for 5 short minutes. Agent Mel made the video.

Watch on YouTube! (for when you’re at home)

Those present:

• Agent Kovach (me)
• Agent Pride Fighter
• Agent Silverwoman
• Agen Braina
• Agent Kenny
• Agent Bacon
• Agent PO
• Agent Big Al
• Agent D-unit.
• Agent Cooler
• Agent Bindel
• Agent Brain
• Agent Smart
• Agent KAJ
• Agent Kay-shizzle
• Agent Wonder Woman
• Agents Mr. and Mrs. Incredible
• Agent Surprise!
• Agent Wells (who wouldn’t STFU)
• Agent Stephens (who wouldn’t STFU)
• Agent Mentz
• Agent Tonka
• Agent Shinny
• Agent Robinson
• Agent Beth
• Agent MJ

Video coming soon.

For those of you who may have missed it, a group of 27 participants met up to shock Thriftway by freezing, in their store for 5 minutes. After the 5 minutes we unfroze and went along.

Those present:

• Agent Kovach (me)
• Agent Pride Fighter
• Agent Silverwoman
• Agen Braina
• Agent Kenny
• Agent Bacon
• Agent PO
• Agent Big Al
• Agent D-unit.
• Agent Cooler
• Agent Bindel
• Agent Brain
• Agent Smart
• Agent KAJ
• Agent Kay-shizzle
• Agent Wonder Woman
• Agents Mr. and Mrs. Incredible
• Agent Surprise!
• Agent Wells (who wouldn’t STFU)
• Agent Stephens (who wouldn’t STFU)
• Agent Mentz
• Agent Tonka
• Agent Shinny
• Agent Robinson
• Agent Beth
• Agent MJ

Many also showed up too late, so they just watched. Galleries and video (from Agent Mel) coming soon!

What happened?

• 6:20 - People begin showing up. First to show: Agent Braina.
• 6:30 - Agent Mel wasn’t there yet. Almost 20 people have arrived. Please sign the roll.
• 6:33 - Based on pages over the intercom. Agent Mel pages two people
  1. Randi paged: FREEZE!
  2. Audrey paged: THAW!
• 6:35 - Start trickling into the store–slowly so people wouldn’t panic.
• 6:40 - Mel shows up.
• 6:43 - “Randi, please meet your mom out front!”
• 6:48 - “Audrey, please come to the front of the store!”
• 7: 50 - Everybody giggled, met up and left.

Update! RSVP on Facebook!

Who: Anyone who wants to come.
What: An improv comedy event. Everyone freezes in place for a specified period of time, thaws, then leaves.
When: April fools day… Briefing starts at 6:30PM
Where: Thriftway in Afton
Why: For fun.

For anyone who cares, I stole this hilarious idea from the genii in charge at improveverywhere.com.

How

Execution of this shenanigan will be crucial. Everyone must be in the Thriftway parking lot on time at 6:30 for briefing. The briefing will let you know of any important changes to the plan.

Since documentation will be so crucial, we’ll have a few people filming the whole event. Melanie Robinson will be there with her purse/video camera. We need more hidden camera videographers. If you have a small digital camera or something, please bring it and hide it! Hide it on a shopping cart and drive around. Place it between some Macaroni and Cheese on a shelf and leave it. Just make sure its in a good spot.

1. 6:30pm: Briefing.  This won’t take too long, but it’s super important!  I’ll go over final details and changes.  Be there or don’t participate!
2. 6:45pm: Everyone will enter the store inconspicuously (in a way that isn’t obvious). You might enter with a group of friends, but we won’t herd in together. Everybody should be in the store ready at 6:50
3. Shop… browse… do whatever—just act natural.
4. When 7:00 hits, listen to the intercom system.
5. When you hear the first intercom after 7:00 (if it’s not happening, Mel will get a bag boy paged), FREEZE!
6. Wait for five more intercom announcements, and then unfreeze after the last announcement finishes.  (Emergency plan: if it’s been about 5 minutes without an announcement, Mel will have a bag boy paged to help her.  At that point, leave.)
7. Act like nothing happened. Leave. It’s as simple as cake.

If you’re still confused, watch this video (it opens in a new window): Frozen Grand Central.

In summary

We’re freezing in Thriftway on Tuesday, April 1, 2008 for the duration of 5 intercom announcements (subject to change).

Be at the briefing in the Thriftway parking lot for final details.
Briefing: 6:30 PM
Everybody in the store by 6:50 PM
Freeze: the first announcement after 7:00PM

If you can, bring a camera or something so we can document this feat.

WordPress has been a primary source of income for me. It has been the driving force behind my success in my local communities. A major WordPress upgrade is coming: WordPress 2.5. Because of it’s impending release, I will be postponing the completion of several projects in order to be able to support the newer, better WP 2.5. Please enjoy looking at some screenshots of 2.5! Click any shot to make it bigger.

New Administration Interface

A total revamp has taken place. A light-blue and orange color scheme looks progressive, some say it’s too artsy. As you can see, the new color scheme is fresh, and definitely unique. Use of the color orange shows important HUD-style information. You can see it used in the comments menu, where a count of unapproved comments is shown.

The administration panels have been “divided” into the left tabs and the right tabs. The left tabs reflect pages that will effect your site’s content. The right tabs reflect settings for the site, such as plugins.

From the Dashboard, you can see several tasks, including links to write posts (blog entries) and pages. The shortcut to the page writing screen is a welcome addition.

New Post Writing Features

Developers have also revamped the post writing experience, including MUCH better media management, and plugin-free media embedding capabilities. You can easily embed images, audio, and video with WordPress 2.5. Also, rather than uploading, you can hotlink media from another website with ease. When you upload media, you can upload MULTIPLE files at the same time.

When adding photos, you have a new size available: medium. It’s an intermediate between thumbnails and full-sized. The photo add screen will let you apply css classes to images using a pleasant wizard-style GUI. Theme developers should note that adding css classes align-left, align-right, and align-center to your css will allow users to utilize these new layout features.

Uploaded media also appears in the Manage > Media Library tab, where you can easily flip through sort and filter uploads by file type and search by name. The media listing shows where certain assets have been used, and offers a permalink to the asset.

Improved search

WordPress search will examine posts and pages for content in WP 2.5 without additional plugins or hacks. The WordPress community’s cries have been answered. Previously, I preferred using the Search Everything plugin.

Better Security Practices

A new class has been in the WordPress codebase, called $wp->prepare. It basically takes user input and sanitizes it for safe database storage. WordPress 2.5 expects developers to begin using $wp-prepare to ramp up security.

Work on the XML-RPC interface has been completed as well. As for performance? I don’t know what the status is. I imagine that all fortifications will need to remain in place for high-traffic sites.

WordPress 2.5 is expected to be completed by March 10, 2008.

For more on WordPress 2.5

• See the codex article here: http://codex.wordpress.org/Version_2.5
• WordPress interface guidelines
• Download a nightly build.

One Horse Shy

Bad Grammar Makes me [sic]
($20 to $30 depending on style)

Ron Paul is my homeboy
($20 to $30 depending on style)

XKCD Shirts

Stand back… I’m going to try science!
($17 unisex | $19 girl’s babydoll)

Just Shy, not anti-social. (You can talk to me)
($17 unisex | $19 girl’s babydoll)

Maybe if this shirt is witty enough, someone will finally love me
($17 unisex | $19 girl’s babydoll)

DespairWear

Made in USA… By Robots.
(Holiday Price: $13.95)

Irony
(Holiday Price: $13.95)

Cheese is so good. For me, it is difficult to describe how good cheese actually is. There is plenty of evidence that cheese improves the flavor of everything*. I’ve heard that cheese is high in fat, bad for the heart, and good for the spirit. Based on that evidence some cruel, heartless people abstain from consuming cheese, especially American cheese. Whatever. I invite you, in the comments section, to contribute your own cheese vice.

* I actually couldn’t find that it enhances EVERYTHING, I simply can’t think of anything it doesn’t enhance.

I’d like to be the first to introduce the 7.0 redesign, aka Brad Kovach zen.0. It is designed to be a simple but elegant theme that facilitates the newer, mob-like mentality of the Internet.

It provides a visual refresh while enhancing usability. It’s built with design concepts in mind, such as a baseline grid, although it isn’t perfect.

For now, you should only enjoy it (if you like it). Everything works as it should. If something looks funny, the reason is that your browser is too old. If you enjoy Internet Explorer, try Firefox before upgrading to Internet Explorer 7. I have tested this site in Internet Explorer 6, Internet Explorer 7, Firefox and Safari.