Archive for March, 2010
Why I Can’t Stress Enough the Benefits of Using a Password Manager
Last month, I saw this post on LifeHacker and, like the lazy blogger I am, didn’t get around to commenting on it until now. The short of it is that because some Twitter users used the same password on multiple sites, an unscrupulous individual was able to take usernames/passwords collected from a fake BitTorrent web site and try them on Twitter to see if they worked. Unsurprisingly, many username/password combinations did.
The full explanation from the Twitter Blog:
It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. However, these sites came with a little extra – security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up. Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information. This information was then used to attempt to gain access to third party sites like Twitter.
It’s absolutely critical that people use at least different passwords for each site they visit, especially if the credibility of the site is in question (i.e. if the site was for warez or even for torrents, as in this example). Note that strength alone would not have helped here: the passwords were harvested straight from backdoored sites, so a strong password reused on Twitter was just as exposed as a weak one. A better practice is to have a strong, different password for each site, so a leak at one site stops there. Sometimes this is hard because each site has a different “rule set” for its passwords. One site may require at least 2 symbols and 1 capital letter, another some variation on that, and things can get complicated and confusing very quickly.
I’m sure you’re thinking, “but Rachel, how am I supposed to remember all those stupid passwords? I’m not a computer!”
And then I say, “no problem, bucko, that’s where password managers come in!”
In an earlier post this week I was detailing a bug I had with 1Password. Well, that’s a password manager!
What’s a password manager?
A password manager is an application or service that encrypts a database of username/password combinations for web sites, services or other applications, using a key derived from a single master password. On a Mac, it’s like Apple’s keychain: you type in your password when you log in to your Mac and all the passwords saved in that keychain become available to your applications, so you don’t need to type them in all the time.
My favorite password manager is 1Password, but practically all password managers offer similar functionality. Password managers serve multiple purposes, but I think the most important are:
- The ability to create a strong, unique password for each site. Most password managers can generate a password for you, so you don’t have to come up with a strong one on your own.
- Create a password once and never type it manually again. Plugins for web browsers like Firefox and Safari make it as easy as clicking a button, entering your master password, and bang! You’re logged in. You’ll never have to remember an obscure password again. Of course, if you’re nowhere near your password manager and need that obscure password to log on to a site from a public computer, you’re a little screwed, unless your password database syncs automatically through a service like Dropbox (and then you’re all set). Syncing is only safe because the database is encrypted before it leaves your machine, so everything rides on the strength of your master password.
- A central, encrypted place for all your passwords. “Back in the day…” I kept all my usernames/passwords on pieces of paper, and up until recently my mother was keeping hers on index cards in a rolodex. If you’re a sloppy pig and don’t know how to organize that stuff, you may end up misplacing a password, and then you’re screwed. With
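To make the two ideas above concrete (a master password that unlocks everything, and per-site generated passwords that fit each site’s rule set), here is an added, stripped-down example of how that machinery works. It is not code from 1Password or from this blog: the site names and policies are made up, the key derivation is PBKDF2-HMAC-SHA256 from Python’s standard library, and a real manager would go on to encrypt the entries with the derived key.

```python
import hashlib
import hmac
import secrets
import string

# Constructed per-site rule sets standing in for the differing password
# requirements sites impose. The site names are placeholders, not real sites.
POLICIES = {
    "example-forum.test": {"length": 16, "upper": 1, "lower": 1, "digit": 1,
                           "symbol": 2, "symbols": "!@#$%^&*"},
    "example-bank.test": {"length": 12, "upper": 1, "lower": 1, "digit": 1,
                          "symbol": 0, "symbols": ""},
}

CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
}


def generate_password(policy):
    """Return a random password meeting the policy's minimum class counts."""
    pools = dict(CLASSES, symbol=policy["symbols"])
    chars = []
    for cls in ("upper", "lower", "digit", "symbol"):
        need = policy.get(cls, 0)
        if need and not pools[cls]:
            raise ValueError(f"policy requires {cls} but allows none")
        chars += [secrets.choice(pools[cls]) for _ in range(need)]
    if len(chars) > policy["length"]:
        raise ValueError("policy minimums exceed its length")
    alphabet = "".join(pool for pool in pools.values() if pool)
    chars += [secrets.choice(alphabet) for _ in range(policy["length"] - len(chars))]
    # Shuffle with the OS CSPRNG so the required characters land in random positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def satisfies(password, policy):
    """Check a password against a policy the way a site's sign-up form would."""
    if len(password) < policy["length"]:
        return False
    pools = dict(CLASSES, symbol=policy["symbols"])
    allowed = "".join(pools.values())
    if any(c not in allowed for c in password):
        return False
    return all(sum(c in pools[cls] for c in password) >= policy.get(cls, 0)
               for cls in pools)


def derive_vault_key(master_password, salt, iterations=200_000):
    """Stretch the master password into a 256-bit key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def make_verifier(key):
    """A tag that lets the vault recognise the right key without storing it."""
    return hmac.new(key, b"vault-check", "sha256").digest()


def unlock(master_password, salt, verifier):
    """Return the vault key, or None if the master password is wrong."""
    key = derive_vault_key(master_password, salt)
    if not hmac.compare_digest(make_verifier(key), verifier):
        return None
    return key


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    key = derive_vault_key("correct horse battery staple", salt)
    verifier = make_verifier(key)
    assert unlock("correct horse battery staple", salt, verifier) == key
    assert unlock("wrong password", salt, verifier) is None
    for site, policy in POLICIES.items():
        generated = generate_password(policy)
        assert satisfies(generated, policy)
        print(f"{site}: {generated}")
```

The two halves are independent on purpose: the site never sees the master password, only a generated password that meets its rules, and the vault file never stores the master password or the key, only a salt and a verifier tag, so a stolen copy still has to be brute-forced through the slow PBKDF2 step.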
The NaNoWriMo I Didn’t Finish
I’m going to go ahead and post the prologue and first two “chapters” I wrote for my NaNoWriMo novel I had planned to write this year, but never got around to finishing. I wrote all this in one night and then stopped because I am a loser and real life shit happened and I lost the will to continue writing. I have the entire plot and outline planned out, I just have to – you know – write it.
So now, for your consideration, the beginning of “Those Who Watched Over Us”
Making 1Password Work with a Proxy
I’m a huge fan and proponent of password management software and especially 1Password by AgileWebSolutions. Yes, it’s paid software and there are alternatives, but I use a Mac and I like eye candy (plus I got it for free from a MacHeist a while back, so nyah.)
When I started working at my new job, I wanted to import all of my logins in case I needed them at work. I quickly found that working at a credit card company meant there were a lot of limitations on what you were and were not allowed to do. One of these was that I couldn’t log in to Dropbox (where I keep my encrypted 1Password keychain for syncing across machines), and the second was that you needed to go through a proxy server to access anything on the internet.
The Dropbox I could live without: I would just have to manually sync my keychain every once in a while for passwords I might reset. The proxy thing was a problem though.
Every time I opened Firefox or Safari, I had to authenticate against the proxy server. In Firefox this was especially a problem because when it restored tabs from a previous session, it prompted for my proxy password once for each tab that was open to an external web site. This meant almost a “ba-jillion” prompts.
1Password keys saved logins by domain, but a proxy prompt isn’t issued by the page you’re loading, so depending on which page triggered it, the “domain” 1Password “picked up” was usually the wrong one. Obviously, I didn’t want to enter my proxy password manually every time (why would I have a password manager in the first place then?!)
The workaround is to open 1Password, create an entry for your proxy server username/password, and where it says “Display: Always” pick the additional option at the end of the drop-down that says “Show in Every HTTP Auth Prompt.” That’s the golden ticket!
Now, when you open Firefox (warning: it still opens a million authentication windows, but you only have to fill out one), the 1Password drop-down for filling out the prompt will show your proxy entry. You may have to refresh pages if the auth prompts didn’t pop up in order, but that was an acceptable price to pay to have both 1Password and Firefox.
A “gotcha” to watch out for is in Safari. I noticed that if I reset my browser settings (like, everything blown away: settings, cookies, etc.) it lost the proxy server authentication. What you have to do is disable the 1Password plugin in Safari and restart Safari. A single prompt should pop up asking for your proxy username and password and whether you want to save it to your keychain (the OS X keychain here, not 1Password’s). Check the box and submit. When you enable the 1Password plugin again you should be golden and won’t have to input your proxy password ever again.
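As an added illustration (not code from this post or from 1Password), here is why a domain-keyed lookup misfires on a proxy prompt. A proxy challenges with a 407 status and a Proxy-Authenticate header no matter which page triggered the load, whereas a site’s own login challenge is a 401 with WWW-Authenticate; the credential therefore belongs to the proxy host, which is browser configuration rather than part of any URL. The proxy name, vault entries and HTTP responses below are all constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed proxy name; the proxy is browser configuration, not part of any URL.
PROXY_HOST = "proxy.corp.example"

# Constructed vault keyed by (host that issued the challenge, realm).
VAULT = {
    ("www.example.com", "Members Only"): ("rachel", "site-pw"),
    (PROXY_HOST, "Corp Proxy"): ("rdoe", "proxy-pw"),
}

# Constructed responses, not captured traffic.
PROXY_CHALLENGE = ("HTTP/1.1 407 Proxy Authentication Required\r\n"
                   "Proxy-Authenticate: Basic realm=\"Corp Proxy\"\r\n"
                   "Content-Length: 0\r\n\r\n")
ORIGIN_CHALLENGE = ("HTTP/1.1 401 Unauthorized\r\n"
                    "WWW-Authenticate: Basic realm=\"Members Only\"\r\n"
                    "Content-Length: 0\r\n\r\n")


def parse_response(raw):
    """Split a raw HTTP response into (status code, lower-cased header dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def realm_of(challenge):
    """Pull the realm out of a Basic/Digest challenge; empty if absent."""
    match = re.search(r'realm="([^"]*)"', challenge)
    return match.group(1) if match else ""


def challenge_key(url, raw_response):
    """Work out which (host, realm) an auth prompt really belongs to."""
    status, headers = parse_response(raw_response)
    if status == 407 and "proxy-authenticate" in headers:
        # The proxy challenged us; the page URL is irrelevant to the credential.
        return PROXY_HOST, realm_of(headers["proxy-authenticate"])
    if status == 401 and "www-authenticate" in headers:
        return urlsplit(url).hostname, realm_of(headers["www-authenticate"])
    return None


def lookup_by_page_domain(url, raw_response):
    """The behaviour described above: key every prompt on the page's domain."""
    _, headers = parse_response(raw_response)
    challenge = headers.get("proxy-authenticate") or headers.get("www-authenticate", "")
    return VAULT.get((urlsplit(url).hostname, realm_of(challenge)))


def lookup_by_challenge(url, raw_response):
    """Pick the credential from who actually challenged, proxy or origin."""
    key = challenge_key(url, raw_response)
    return VAULT.get(key) if key else None
```

The “Show in Every HTTP Auth Prompt” setting is the manual equivalent of lookup_by_challenge for one entry: it stops 1Password from filtering that login by the page’s domain. One caveat worth keeping in mind: with Basic authentication the username and password are only base64-encoded in the Proxy-Authorization header, so on a plain HTTP connection to the proxy anyone on the path between you and it can read them.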
I hope this helps someone out there that had the same problem! Took me a good week or so to get everything running smoothly.
ActiveResource, Cucumber and Dupe
At my job at American Express Publishing in New York City, I’m doing Ruby on Rails development; I was hired to help with the redesign of FoodAndWine.com. The production site currently runs ColdFusion and MS SQL, and the team is tasked with creating a Service Oriented Architecture (SOA) Ruby on Rails web site to replace the legacy code. How this works is that the legacy ColdFusion site will expose services for our site, we’ll make requests to get that information, and then we’ll display it on our Ruby on Rails front end.
This is all nice and dandy because of ActiveResource, which is built right into Ruby on Rails. The tricky part comes with testing. In our web development department at American Express Publishing, we’re really big on Test Driven Development (TDD) and Behavior Driven Development (BDD). There are tools already made for TDD and BDD in Ruby on Rails, RSpec and Cucumber respectively. These tools work great with ActiveRecord, but since we don’t have a database to load fixtures into, RSpec and Cucumber need some other way to supply the data ActiveResource would otherwise fetch from the service.
This is where Dupe comes in. My co-worker Matt Parker wrote a Ruby gem to mock service calls inside Cucumber and RSpec so that we can write the appropriate tests for our code. With Dupe, you define the expected service responses and run tests against them. For the initial pages we’ve written, we’ve only needed GET requests. When I started cuking and spec’ing some of the flat pages on Food and Wine, we found a (probably underused) polls section of the site that we needed to pull over. Because it needs user input to add to the poll, we need a way for Dupe to mock POST requests as well.
This is the first time I’ve really programmed a gem, let alone worked on someone else’s. I’ve spent a lot of time today researching HTTP requests and GETs, POSTs, PUTs and DELETEs. I also looked up the difference between blocks, lambdas and procs and found this neat, well-written blog post about them that helped straighten me out.
I’m still figuring out the appropriate way to set all this up but hopefully I can update the blog with a success story by tomorrow!
National Procrastination Week
Well, no freaking wonder I can’t get anything done this week! It seems I have been unintentionally celebrating “National Procrastination Week!”
I really kinda hate it when people make up these weird “awareness” weeks like “National Wear Your Pants on Your Head Day” or “Foot Growth Awareness Week.” I mean, yeah, I see your growth and I am VERY aware of it, THANK YOU.
I think the only “National [blah blah] Day” I was ever excited for was “National No Pants Day,” and that was because I hate winter and along with pants I hate wearing shoes, and by May it’s usually warm enough to put on sandals too. And no, before you ask, I was not one to run around in my skivvies; it would just give me an excuse to wear shorts.
I digress. If you feel the need to be aware of or celebrate your procrastination, then by all means, please celebrate your holiday. I on the other hand will continue to be less procrastinative (“uh, I don’t think that’s a word, Rachel!”) and continue to use the Pomodoro Technique, but that discussion is for another blog post at a later time.
Corollary: After reviewing some comments on this post, I failed to mention my affinity for “International Talk Like a Pirate Day.” How could I have forgotten this? It’s on my fricken birthday. I have then come to the conclusion that I am fine with “National Whatever” days but if I have to be “aware” for any extended time, I go batty. I can only take my insanity in small, bite-sized pieces.
