Show 040 – Expiring Stochastic Passwords
Welcome to Episode number 40 of Citizens of Tech, the show about nerdy stuff, for nerdy people, by nerdy people.
Today on the show we have: Expiring things, Compulsory Password Changes, Artificial neurons, XBox One version 2.0, Deathwatch, TIL and extra bits and bobs along the way.
Expiration dates mean what, exactly?
- We all have pills in the medicine cabinet. Unless you’re a prescription consumer, you probably have some pills past the printed expiration date.
- The question then…what’s that really mean? Is a pill good one day, and bad the next?
- In 1979, a law was passed requiring drug manufacturers to stamp an expiration date on product.
- The date is a guarantee of “full potency and safety.”
- Now, that doesn’t mean that drugs aren’t safe or useful after the expiration date. A military study found that 90% of over 100 different drugs tested in a military stockpile were good to go, as long as 15 years past expiration.
- Exceptions to this include nitroglycerin, insulin, and liquid antibiotics. So don’t just pop any old medicine in your mouth.
Now, what about food expiration dates?
- For food products that are dated, there are different kinds of dates. Quoting the USDA site directly:
- “Closed or coded dates” are packing numbers for use by the manufacturer.
- A “Use-By” date is the last date recommended for the use of the product while at peak quality. The date has been determined by the manufacturer of the product.
- A “Best if Used By (or Before)” date is recommended for best flavor or quality. It is not a purchase or safety date.
- A “Sell-By” date tells the store how long to display the product for sale. You should buy the product before the date expires.
- The US Dept. of Agriculture says that there are few food products required by federal law to be dated, although 20 different US states have various dating requirements.
- Use-by dates are not about safety, but rather best quality.
- Sell-by dates are about safety. Pay attention to the dates here, and track refrigeration and freezing instructions.
- Canned foods have packing codes that may include a date.
- This isn’t for you, the consumer, to be worried about. USDA says that if the can looks okay, it’s okay. If it’s dented, rusted, or swollen, then it’s not okay.
- “High-acid canned foods (tomatoes, fruits) will keep their best quality for 12 to 18 months; low-acid canned foods (meats, vegetables) for 2 to 5 years.”
- Mr. G’s Liquidation – Stores that sell “past prime” goods.
Frequent password changes don’t help secure diddly.
- You know that password policy your organization has? The one that makes you change your password 413 times a year?
- It’s there to ensure that attackers can’t brute force or utilize known passwords.
- Heck, it’s a default setting when you create an Active Directory domain, so it must be right!
- Not so much.
- The FTC marketing dept. Tweeted out “Encourage your loved ones to change passwords often, making them long, strong, and unique.”
- Lorrie Cranor, Chief Technologist for the FTC, was irked by this proclamation – and not just because it sounds vaguely like a Sir Mix-a-Lot reference.
- She went to the marketing folks and asked why they tweeted it.
- Basically, it was “common knowledge”
- Also, the FTC makes employees change their passwords every 60 days, so again, must be good advice, after all lots of people with lots of degrees and certificates drew up that policy.
- “For one, a growing body of research suggests that frequent password changes make security worse. As if repeating advice that’s based more on superstition than hard data wasn’t bad enough, the tweet was even more annoying because all six of the government passwords she used had to be changed every 60 days.”
- So she went to the CIO and CISO to challenge the policy, presenting the view of numerous security experts to them.
- The CIO asked for additional research and Cranor was happy to oblige.
- Their findings tell you what many of us probably know:
- When users are forced to change passwords as frequently as every 90 days, they will subtly change an existing password through “transformation”
- For example: “tarheels#1” becomes “tArheels1” or “tarheels11” or even the tricky “Tarheels#111”
- The point here is that transformation is incredibly easy to crack with the right algorithms.
- If the lockout policy is 5 failed attempts before lockout, they were able to get 17% of the passwords cracked before being locked out.
- With greater attempt thresholds and using higher power computing devices, they were able to crack 41% within 3 seconds.
- “I’m happy to report that for two of my six government passwords, I don’t have to change them anymore,” Cranor said. “We’re still working on the rest.”
- She presented evidence from a UNC study from 2010 which analyzed 10,000 password hashes for expired passwords at UNC
- Another study, by Carleton University in Ottawa, Ont., found that frequent changes did not hamper attackers much at all and just added more inconvenience to end users.
- Other organizations such as the US Government’s NIST and the U.K.’s CESG echo the same basic premise: it’s at best ineffective if not outright counterproductive.
- VICTORY (of 33%)!!!!!
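A defensive counterpart to the transformation finding above, as an added example that is not from the show or the studies it cites: a check run at password-change time that rejects a new password when it is only a transformation of the old one. The substitution table, the `max_edits` threshold and the function names are assumptions; the check relies on the user typing the current password during the change, so nothing has to be stored in plaintext.

```python
import re

# Assumed substitution table (constructed for this example): @->a, 4->a, 0->o, ...
LEET = str.maketrans("@4031$57!", "aaoelssti")

def skeleton(password: str) -> str:
    """Reduce a password to its lowercase letter core."""
    # Drop the digit/symbol prefix and suffix users tend to bolt on ("#1", "11").
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    # Fold case and undo common substitutions inside the word.
    core = core.lower().translate(LEET)
    return re.sub(r"[^a-z]", "", core)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_transformation(old: str, new: str, max_edits: int = 2) -> bool:
    """True if `new` is `old` with case, suffix, substitution or small edits."""
    a, b = skeleton(old), skeleton(new)
    if not a or not b:
        # No letters to compare (e.g. an all-digit password): use the raw strings.
        a, b = old.lower(), new.lower()
    short, long_ = sorted((a, b), key=len)
    if len(short) >= 5 and short in long_:
        return True  # the old word was reused with something added around it
    return edit_distance(a, b) <= max_edits

if __name__ == "__main__":
    old = "tarheels#1"  # example passwords from the notes above, plus constructed ones
    for new in ["tArheels1", "tarheels11", "Tarheels#111", "t@rh33ls#2",
                "correct horse battery staple"]:
        verdict = "reject" if is_transformation(old, new) else "accept"
        print(f"{new!r}: {verdict}")
```
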
Computer brains are not like human brains, but we’re getting there.
- IBM has created an artificial neuron, which isn’t exactly new.
- What is new is the material used for the neuronal membrane.
- Okay, so biological neurons. Think of them like electrical circuits. They conduct, or don’t conduct electricity depending on state.
- There’s an input — those are dendrites.
- There’s a neuronal membrane — they are a sort of an insulating capacitor — this is a lipid bilayer. The membrane is around the spike generator — soma and nucleus.
- There’s an output — the axon.
- Electricity comes in from the dendrite and builds up along the lipid bilayer. When enough charge is built up, the lipid bilayer (that neuronal membrane) becomes conductive and sends electricity along the axon.
- IBM’s come up with an artificial replacement for the lipid bilayer — the neuronal membrane.
- They are using germanium-antimony-tellurium, which we’ll abbreviate GST.
- GST can be either amorphous or crystalline, and it can change between the two usually with heat. That makes it a phase-change material.
- In IBM’s artificial neuron application, GST changes phases with the application of electricity.
- Here’s where it gets odd. Biological neurons fire at imprecise times. Once electricity starts building, we don’t know precisely when the neuron will fire. The GST phase-and-reset cycle gives the same result. We don’t know exactly when it will fire.
- Thus, this is indeed very close to the behavior of the neurons in the human brain.
- What can we do with this? We don’t know yet. There’s no software that can take advantage of this way of processing data. But we’ve made another step towards the artificial brain.
- “IBM has built 10×10 crossbar arrays of neurons, connected five of those arrays together to create neuronal populations of up to 500 neurons, and then processed broadband signals in a novel, brain-like way.”
XBOX One S – 4K to rule them all!!
- …and in the darkness bind them.
- The XBox One (or XBone) is fabulously successful
- Microsoft has entered the console market and become one of its big boys
- With that said, the Xbone is not overly powerful when compared to the PS4 and especially PCs.
- Neither the PS4 nor the Xbone can do 4K resolutions in games, which is honestly no surprise
- The fact that neither does 4K streaming came as news to me
- Enter the “refresh cycle” of both systems:
- Microsoft has just released the Xbone S – with 4K support! YAAAAY!
- PS4’s refresh is expected to do the same.
- The Xbone S is 40% smaller than the original
- The USB port is now on the front instead of on the side
- The power and disc eject buttons are on the front as well, which, you know, makes sense.
- A few other minor items have been changed as well, such as the controller sync button
- It also ships with a nice looking vertical stand, if you’re into that sort of thing
- Overall, it’s a handsome, slimmed down console with 4K resolution support
- …..except it still doesn’t play games at 4K – only video streaming
- If you want 4K gaming you’re either waiting for the next generation consoles or you’re playing on a well equipped PC today.
Blackberry begins hammering nails into its own coffin with patent litigation
- We put the Blackberry Priv on deathwatch in Episode 17. It’s not doing well. As of Q1 2016, they’d sold about 600K units, and rumors coming out of AT&T suggest that the Priv was seeing a lot of returns.
- Maybe we should just put the entire company on deathwatch. Why?
- They are moving into patent litigation as the way to generate some revenue. Hello, Avaya.
- Blackberry has filed suit in a Texas court against Avaya claiming 8 patent violations. The goal? Licensing. If Avaya is found to infringe, then Blackberry will be entitled to some money.
- In other words, life support. Blackberry is on life support now. “In May, BlackBerry CEO John Chen told investors on an earnings call that he was in “patent licensing mode,” eager to monetize his company’s 38,000 patents.”
- Too little, far too late. The industry will keep digging the hole deeper with products people want to buy while you lower yourself in, frittering away time in the courts.
Content I Like
- Primarily a mailing list.
- Published once every few weeks or so.
- Challenging thought exercises that see patterns in technology and apply them to human behavior.
Today I Learned
“Stochastic refers to a system where there is an amount of randomness in the results. Biological neurons are stochastic due to a range of different noises (ionic conductance, thermal, background).”
In 1967 the Monkees sold more albums than the Beatles and The Rolling Stones… combined.
That’s all for Citizens of Tech today. See you on the /r/citizensoftech subreddit, Twitter @citizensoftech, and anywhere fine technology is sold. We very much want to see you again, so please remember not to cross the streams.