I don’t spend loads of money on myself. I’m the sort of person that hates to spend money on something I later regret.
This worked out well recently when it allowed us to buy a house. Not outright. Just most of the deposit.
So, since it’s been a pretty full-on six months I treated myself to an Asus eeePC 1015PX.
My main reasoning behind this was I spend about an hour on a train a day and a Netbook seemed a good way to maybe do something productive.
Needless to say I wiped Windows 7 off of it and installed Arch Linux.
At the moment it is set up with just a basic XFCE desktop environment but I hope to switch to something like Awesome for true portability. Touchpads and trains don’t get on.
I’ve basically spent the last few weeks trying to get to grips with power management and drivers. Riveting, eh?
You might have noticed some pictures of a hairy guy with a small baby boy on the blog recently. That’s me and that’s my son.
His arrival has been a life changing experience and, like all life changing experiences, people tell you it’s life changing till they are blue in the face but you never really realise how life changing it is until it happens to you.
Up until just before our boy was born I plowed about 80-90% of my life into MMOs. That started in about 2007 when I took a break from playing with Linux, which had been my main hobby from about 2003. At that point I was very active in the Arch Community and had just been accepted as a developer. Odd time to walk away!
Anyway, I barely touched my Linux installs in the intervening 5 years but my interest has been rekindled, my boxes have been pacman -Syu’d and a brand new netbook has been saved, in every way, from Windows 7.
My return to the world of Linux has quickly proved to be all too familiar. By turns hugely productive and rewarding yet also face-punchingly frustrating.
So, because Linux would literally be nothing without the Internet to support it, it’s incumbent upon me to share my experience in the hope of saving someone else an enormous ball ache.
I love this cartoon. It makes a great point really simply.
However, it’s a bit, well, misleading…
The cartoon suggests that Tr0ub4dor&3 is massively more susceptible to an attack than correcthorsebatterystaple because of the difference in entropy.
Assuming the math is sound (I calculated using actual password space rather than entropy) I still have a problem with how it might be interpreted.
In the cartoon Tr0ub4dor&3 loses entropy points because it’s based on a non-random word with substitutions. Ok, that’s fair enough. Lots of people do create p4ssw0rds this way so it seems reasonable to punish this with lower entropy.
In short, this password is punished because the format is predictable.
However, if we punish that password for a predictable format, it’s also fair to say that correcthorsebatterystaple is thus susceptible to a dictionary attack. Conversely, Tr0ub4dor&3 is entirely secure against such an attack.
A pure brute force attack against Tr0ub4dor&3 at 1000 guesses a second would take 180 billion years.
The same attack against correcthorsebatterystaple would take 7.5 billion billion years.
The difference is so gigantic it’s almost inconceivably massive.
However, if we consider a dictionary attack using 860,000 words against correcthorsebatterystaple at 1000 guesses a second we’re looking at 17,345 billion years.
Suddenly, correcthorsebatterystaple is a lot less strong.
In fact, if you add a single _ to the end of Tr0ub4dor&3 it now takes 17,134 billion years to brute force. That’s very comparable.
To batter the correcthorsebatterystaple example even more we could alter our dictionary attack and remove all the words that are shorter than 4 characters from the 860,000 total. This would be reasonable as you would want your four word password to be at least 16 characters long.
However, I can’t deny that a pure brute force attack on Tr0ub4dor&3 would take less time than a full dictionary attack on correcthorsebatterystaple and the latter is much easier to remember.
So it’s still an amazing bit of work – it just helps to understand the details.
So… what?
Well, basically, two things.
1) using a format that helps you remember your passwords is a good idea – whether you combine 4 random words or use substitutions – the weakness comes when someone PREDICTS the format.
For example, using 4 random dictionary words AND making a single typical substitution of an alpha char for a numeric char (e.g. substituting a 0 for an o) secures it completely against a dictionary attack and the hacker would have to resort to a brute force attack. However, if the hacker KNOWS that you did this, they know they can modify their dictionary attack instead.
2) there is no substitute for length when it comes to passwords.
For example, take a simple 8 char lower case password. Changing one of those 8 chars to a number means it takes 10 times longer to brute force. However, adding another lowercase char would take 26 times longer.
That’s a generous example but it makes the point. Having a short but complex password like #9Nj and then typing it 4 times is extremely resilient against a brute force attack.
Just make sure no-one is looking over your shoulder…
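The arithmetic behind the figures above, together with the format-prediction point in 1), as an added Python example that is not part of the original post. The 860,000-word dictionary and 1000 guesses a second are the post's; the alphabet sizes (26 for all-lowercase, 95 printable ASCII otherwise), the 365-day year, the `LEET` substitution table and the four-word `WORDS` list are assumptions made for the example.

```python
SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year
GUESSES_PER_SECOND = 1000           # attack rate used in the post
DICTIONARY_SIZE = 860_000           # dictionary size used in the post
LEET = {"0": "o", "4": "a", "3": "e", "1": "l"}    # assumed "typical" substitutions
WORDS = {"correct", "horse", "battery", "staple"}  # constructed sample wordlist

def years(keyspace):
    """Worst-case years to try every candidate in a keyspace."""
    return keyspace / (GUESSES_PER_SECOND * SECONDS_PER_YEAR)

def alphabet_size(password):
    """Assumption: 26 for all-lowercase input, else 95 printable ASCII."""
    return 26 if password.isalpha() and password.islower() else 95

def split_words(text, words):
    """Return text as a list of dictionary words, or None if it cannot be split."""
    if not text:
        return []
    for i in range(1, len(text) + 1):
        if text[:i] in words:
            rest = split_words(text[i:], words)
            if rest is not None:
                return [text[:i]] + rest
    return None

def attack_models(password, words):
    """Map each attacker model that would reach the password to its keyspace."""
    models = {"brute force": alphabet_size(password) ** len(password)}
    parts = split_words(password, words)
    if parts is not None:
        models["dictionary"] = DICTIONARY_SIZE ** len(parts)
    plain = "".join(LEET.get(c, c) for c in password)
    parts = split_words(plain, words)
    if plain != password and parts is not None:
        # Format-aware attacker: every dictionary candidate is also tried with
        # each combination of the assumed substitutions (2 options per letter).
        swappable = sum(plain.count(letter) for letter in LEET.values())
        models["dictionary + substitutions"] = (
            DICTIONARY_SIZE ** len(parts) * 2 ** swappable)
    return models

if __name__ == "__main__":
    for pw in ("Tr0ub4dor&3", "Tr0ub4dor&3_", "correcthorsebatterystaple",
               "c0rrecthorsebatterystaple"):
        for model, keyspace in attack_models(pw, WORDS).items():
            print(f"{pw:27} {model:27} {years(keyspace):.3e} years")
```

A password's effective strength is the smallest keyspace among the models that reach it, which is why the substituted passphrase is only as strong as its format is unpredictable.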
Turns out I’ve got an old PS3. Seems weird to say that but it is a very early version. It only had a 40GB HDD, for example. So in order to take advantage of the PSN Welcome Back I had to upgrade my HDD.
Having read the instructions I knew that backing up, installing the new disk and restoring the system should be relatively simple. Still, I didn’t expect it to go quite as smoothly as it did.
So, Sunday, I went into town and bought a 320GB disk from yoyotech. They may not be the cheapest but they are competitive and working full-time is not very compatible with internet shopping, anyway.
Then, on Monday, my lovely wife borrowed an external HDD from work for me to do the back-up. Bless her.
I was pleasantly surprised that the PS3 backup routine uses a file structure that allows multiple, time-stamped back-ups on the same disk. That’s cool, eh? I did a couple of back-ups just to be sure and then dived in.
Actually changing the drive was easy. I’ve done loads of laptop HDD changes in the past and it was really no different. Although, I’ll wager the screws on the disk caddy weren’t tightened by a human. If they were, that human was having a bad day.
The restore was just as easy as the back-up. A couple of restarts later and everything was exactly as it had been before except now I have 8x the HDD space.
Kind of dull but I am delighted it was that easy. I really didn’t need any hassle!
I picked up a Dell Optiplex SX280 from eBay last week with the intention of setting it up as a dedicated Linux box. Previously I have always worked with dual boots but I decided it was time to have the best of both worlds full-time.
The install went pretty well although it’s been a while since I did anything in Linux. I came a bit of a cropper trying to partition the hard disk. The auto partition scheme was great and worked fine but didn’t make a separate /var and /tmp, which I wanted. So, I resorted to doing it manually but was baffled by cfdisk and working with extended/logical partitions and the fact I couldn’t choose the FS I wanted. Naturally, I shortly discovered that cfdisk doesn’t make filesystems and that comes later in the install.
After that it all went pretty flawlessly. I have used Arch Linux a lot before so the set-up was pretty simple once the OS was actually installed.
I have a friend who works for LG and a few months ago he slipped me an LG Optimus One to have a play with.
I had an HTC Hero before and I loved it. When I initially switched to the LG I hated it. My only experience of Android had been with HTC and I thought Sense and Android were one and the same. Imagine my disappointment when all the great widgets weren’t there.
I stuck with the phone though because it was noticeably faster than my Hero, which was starting to struggle under the weight of the apps.
This week I have finally got my home screens set up just so. I thought I might share some of my favorite apps and widgets in the next few days.
I wish I could post screenshots of my phone but it’s not rooted.