Comment: It was nice walking through the WTC mall under (Score 1) 407

by JakFrost (#39854429) Attached to: 1 World Trade Center Becomes the Tallest Building In NYC

...the buildings and stopping by that same Border's store mentioned above to check out some books at lunch time or being outside during the summer concert festivals sitting between the towers next to the golden globe. I miss those times. Only thing I have left from there is my green WTC ID card that has nothing on it stating it was from the WTC except for the little cartoonish logo of the two towers jutting up from a circle.

I carry it in my wallet these days to preserve the memory hoping to show it someday to someone who might be interested but so far nobody seems to care to see it even when I mention that I worked at #7 WTC when 9/11 happened but wasn't there that day since instead I was going in late to work and watched the whole thing happen on my TV from the safety of my apartment's living room overseeing the cloud of smoke spreading south towards the water.

Just as the poster above, I'm no longer working in Finance and no longer in NYC which has become a different place than I remember from that time and frankly I'm glad to be away from that Gotham City.

Comment: Already Exists: http://passwordmaker.org/ (Score 5, Informative) 175

by JakFrost (#39091087) Attached to: Google Working On Password Generator For Chrome

Already Exists: http://passwordmaker.org/
Google Chrome: http://passwordmaker.org/Google_Chrome

The Problem

If you're like most people, you have a few passwords that you use over and over again on many different websites. You know this isn't secure, yet you do it anyway. Why? Because it's difficult to remember a unique password for each and every web site that requires one.

Existing Solutions

Maybe you do use unique passwords, and get around the problem of remembering them by storing them in a spreadsheet or other file. Maybe you even use one of the many password managers that are available. But now you've centralized your passwords and access to them becomes difficult while at work, a friend's computer, or a public internet terminal. You can't get to your passwords without carrying them around or publishing them on the internet. Some people even carry a USB keychain with their passwords wherever they go. How inconvenient. And publishing them on the internet? Yikes! We need not even mention the security risks inherent with that solution. Even if you trust the company storing the passwords, you can be sure every hacker in the world is drooling over the prospect of accessing their database (Like the LastPass break in of May, 2011 LastPass Announcement).

Our Solution

PasswordMaker solves all of these issues. It is a small, lightweight, free, open-source tool for Internet Explorer, Firefox, Google Chrome, iPhone, Opera, PHP, Windows, OS/X, Linux, Flock, Yahoo! Widgets, Android, Python, and many other platforms & systems. It creates unique, secure passwords that are very easy for you to retrieve but no one else. Nothing is stored anywhere, anytime, so there's nothing to be hacked, lost, or stolen. PasswordMaker has been around since about 2003 and so is a mature, stable, popular solution.

How It Works

Warning - technical jargon in this section!

You provide PasswordMaker two pieces of information: a "master password" -- that one, single password you like -- and the URL of the website requiring a password. Through the magic of one-way hash algorithms, PasswordMaker calculates a message digest, also known as a digital fingerprint, which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PasswordMaker is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." 1. In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help!

What About Portability?

For times when you must use one of the rare platforms to which PasswordMaker hasn't been ported, or are using a system where you can't install any software, there's an online version which mimics the extension and works in all web browsers new and old. No downloads or installations are required.

Comment: Anecdotes About Hard Drives (Score 2) 445

by JakFrost (#38425638) Attached to: Hard Drive Makers Slash Warranties

Western Digital - Caviar Green

Since we're trading anecdotes about hard drives I personally like the Western Digital Caviar Green hard drive line and use them for external storage and had only 2-failures (one-predicted) out of ~12-drives of various sizes throughout a 5-year period or so. None of this should mean anything to anyone because this is all anecdotal evidence and Google's research paper about hard drive failures is what you should be judging failures by not Slashdot posts.

I like these slow 5400RPM or (IntelliPower Variable RPM) speed drives since I use them as floppies in my external caddies (i.e. cradles) connected with eSATA to my motherboard SATA controller. I plop them in, turn on the caddy, let the OS hot-detect the drive and mount it, I use it to transfer stuff to them, then dismount them, and turn off the caddy, then remove the drive sometimes while the platters are still spinning since I feel the gyroscopic effect.

The slower rotational speeds and power-saving technology prevents them from heating up so much and I still get ~75 MB/s peak transfer rates for large multi-GB files with ~50 MB/s nominal and ~30 MB/s slow rates for small files. Awesome drives and Western Digital's online Warranty check and RMA process is simple and efficient.

My drives all still have the 3-year warranty and that is fine. If the warranty suddenly drops to 1-year I'll still buy these drives for the performance and features that they offer and because they have been good to me.

Comment: Ban all PHOTOGRAPHY Questions from Slashdot! (Score 1) 569

by JakFrost (#38171540) Attached to: Ask Slashdot: Best Camera For Getting Into Photography?

Photography and related equipment questions DO NOT belong on Slashdot! There are dozens of sites that offer reviews, questions, answers, posts, and opinions. Go there and leave us computer geeks alone.

Photography opinions are akin to Religious opinions. Not to be discussed in polite company outside of their own circles.

Comment: What about Chinese investments into T-Mobile? (Score 1) 169

by JakFrost (#38163514) Attached to: AT&T Stops T-Mobile Merger Bid With the FCC

Wasn't there a story about the Chinese telecom companies trying to get into the US telecom business last week? Wouldn't a T-Mobile buyout by a Chinese company be the next step now that AT&T lost their chance? Wouldn't the current administration which is beholden to foreign investment funds be willing to sell T-Mobile to the Chinese? Is this too far fetched to imagine this happening?

Comment: Re:My account was among those compromised. (Score 1) 434

by JakFrost (#38027284) Attached to: Valve Announces Massive Steam Server Intrusion

your master password is only as secure as the weakest website you use it on

Perhaps I am misunderstanding what you're trying to say or you misunderstood PasswordMaker's one-way hash based idea.

The master password is used as a seed plus the URL + other funky info for a hashing function to create the password. The password that any website sees is derived from the one-way hashing algorithm used (MD5, SHA1, RIPEMD, etc.). The hashed password cannot be reversed. Only thing that can be compromised is your password for that one single site which is useless for any other site.

The best attack you can do is create multiple rainbow tables each, per site, per hashing algorithm used, per length of password, per character set, per each funky info chosen leading to thousands of rainbow tables due to algorithm permutations you're trying to catch.

It would be easier to use a key logger sniffer trojan on my computer to grab my master password and also the settings file for PasswordMaker to figure out what settings I used to generate it. If you can do this then all my passwords are compromised no matter if I used PasswordMaker, md5sum, or storage-based password app like GPG, etc.

Or you could just beat me with a $5 pipe wrench until I tell you my settings scheme and master password so you can post snaky comments on forums using my accounts.

PS: Anytime you say something is MILSPEC then I know that you can't be serious because MILSPEC is largely an inside joke to people who know.

Comment: Re:My account was among those compromised. (Score 1) 434

by JakFrost (#38025884) Attached to: Valve Announces Massive Steam Server Intrusion

I understand the issue with truncation causing 32-character password to be pared down to 8-characters effectively shrinking the entropy to something easily guessable that is a serious problem. Base64 encoding is better than Hex but still can be truncated.

I do have my reservations about PasswordMaker or the simplistic md5sum method I described but I am also equally concerned about fully unique password stores in a file that has a single master password. That file is golden, and if you lose it or have it compromised even if someone doesn't know your master password they effectively defeated that security system because you can't be sure if they have or will compromise the encrypted file. File management also becomes an issue if you have to access those accounts from a mobile phone, work laptop, on vacation, in an emergency where you don't have access to your own computer or USB stick, etc.

I also agree that all the options in PasswordMaker don't really make much sense if your master password is good already, they just try to add complexity to the hashing algorithm which is unnecessary since the hashing function has a good entropy already. These settings are just to create security by obscurity for any would-be holders of the master password but like you said the total permutations of choices is really limited and not so useful. I think the character set alpha-num+symbols, password length, and hashing function are more than enough.

My plan is to use different master passwords for different types of sites and also different security level desired so that throw-away forum logins wouldn't share game account password wouldn't share e-mail account passwords, and so on and so on. If one password got compromised only that site's account would be compromised and no other. If one master password got compromised then only that group of sites would be compromised.

Multiple login attempts to online sites usually get met with verification schemes, time-outs, lock-outs slowing down the password guessing process. However, brute force breaking of a password file can happen without limitation on farms of botted computers.

Both solutions offer the same thing, unique passwords per site so that insiders cannot use your password to login to other sites and accounts. One is storage-less one is storage-based.

The truly unique passwords stored in the file are stronger since they are truly random so at first this sounds like a great idea until the reality of management of the password file surfaces and you end up with all your eggs in one basket, that can be copied.

The algorithmically based passwords are not nearly as strong since they can be reversed if the master password or passwords are known but you don't have to manage any files, except maybe the preference file showing the settings you used for special sites that don't accept certain characters or lengths that you normally use.

Password management is a difficult task, especially when we have to manage dozens if not hundreds of accounts by now all using their own authentication system instead of using OpenID or Google APIs or Microsoft .Net.

Right now, I like the idea of storage-less unique password management better than trying to guard a password file in the world of Windows machines and vulnerabilities.

Comment: My account was among those compromised. (Score 5, Interesting) 434

by JakFrost (#38019052) Attached to: Valve Announces Massive Steam Server Intrusion

Got hit with this one!

On the morning of Nov 7th I started getting e-mails from Steam Support with confirmation codes when someone was trying to change my password and e-mail. Reinstalled Steam after a year or more of non-usage only to find that someone has been playing TeamFortress 2 on it, the same day. Changed my passwords. That evening received a number of angry e-mails from a Russian guy ( [www.crazy_denis@mail.ru]) demanding that I put the passwords back so he can use the account he bought and paid for. Used Google Translate into Russian sometimes Ukrainian to string him along through 12 short e-mails and got him to reveal and confirm that he actually had my username and password in clear text. Opened up a support case with Steam and forwarded the entire e-mail chain to them to start investigating. Got a form letter back, replied again asking them to check their systems for intrusion... today Slashdot story breaks about Steam being compromised. I wasn't the only one I guess!

PasswordMaker - Storage-less and per-site unique hash based password scheme

Changing all my passwords now to a PasswordMaker scheme for unique passwords for every single site based on a storage-less system that uses a master password + URL + other info you choose -> MD5 sum -> alpha-numeric symbols -> length limit to generate a unique password for every site and account based off your own single or multiple master passwords. You have to remember your own password and the settings you used and generate the same password every time that is unique and there is no secret data file to steal from you or for you to lose on a USB disk or upload to the net. This way your password is already hashed when you submit it to a site, it is unique per site, you don't have to store a list of passwords in any file, and you can regenerate your password on any browser, mobile phone, programming language since this app has been ported to practically everything.

I was thinking of something simpler such as "echo MyPassword69! slashdot.org|md5sum" and then "aaa53a64cbb02f01d79e6aa05f0027ba" using that as my password since many sites will take 32-character long passwords or they will truncate for you. More generalized than PasswordMaker and easier to access but no alpha-num+symbol translation and only (32) 0-9af characters but that should be random enough, or you can do sha1sum instead for a little longer hash string.

Here's the conversation for all of you.

From: [mailto:www.crazy_denis@mail.ru]
Sent: Monday, November 07, 2011 11:03 PM

Crazy Denis: You bitch Give me my account is steam which I bought yesterday! will not come back you will have problems moshenik fucking

JakFrost: I would kindly suggest you go and get another account from the source before you lose more than just money. To understand each.

Crazy Denis: How do I get another account?

JakFrost: Ask a guy who you got this one and get another one. This account is off limits.

Crazy Denis: I wrote to him he was going to do nothing to write tehpoderzhku said there had already written an answer waiting for 24 hours
damn well bring back pliz account you do what it's worth it

JakFrost: What's the password for that account so that I could find one for you?

Crazy Denis: Login: MyUsername Password: ********

JakFrost: (No Reply)

Crazy Denis: Well, I found?

JakFrost: That is correct user name and password, but that account is currently blocked by Steam support of a security breach. I can not use it either, so it ruined for us both.

Crazy Denis: Yes, all right there!, Today began to go wrong is led pishel password or an account is not suschustvuet

JakFrost: I do not know, I get an error that the password is incorrect or the account has not been found.

Crazy Denis: A registered on your soap the same account?

JakFrost: No, it does not work.

Crazy Denis: clear, damn well feel sorry for you and I were left without an account, but I also paid for this account

JakFrost: Yeah me too, I lost money on it, too. Maybe it was sold to many people, and we are not alone?

Crazy Denis: can be!

JakFrost: We both have lost count. Too bad. Good luck and goodbye.

Crazy Denis: Come on you too, good luck and dosvidaniya!

From: Steam Support [mailto:email@support.steampowered.com]
Sent: Tuesday, November 08, 2011 6:12 PM
To: JakFrost
Subject: RE: Hack attemps, took precautions, need IP logs. - [9741-TBNM-6929] [6ee6d830]

Hello,

A staff member has replied to your question:

Hello,

We will investigate this matter and take appropriate action.
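
The scheme described in this comment (master password + site -> one-way hash -> character set -> length limit), together with the truncation concern raised in the follow-up reply above, sketched as an added example. It is not part of the original comments and does not reproduce PasswordMaker's actual algorithm or output; the function names, the HMAC construction and the sample master passphrase are assumptions made here.

```python
import hashlib
import hmac
import math
import string

HEX = "0123456789abcdef"                      # alphabet that md5sum/sha1sum print
FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def md5sum_style(master: str, site: str) -> str:
    """Same bytes as `echo master site | md5sum` (echo appends a newline)."""
    return hashlib.md5(f"{master} {site}\n".encode()).hexdigest()


def entropy_bits(charset_size: int, length: int) -> float:
    """Upper bound on the entropy of `length` symbols drawn from the charset."""
    return length * math.log2(charset_size)


def derive(master: str, site: str, charset: str = FULL,
           length: int = 16, algo: str = "sha256") -> str:
    """hash(master, site) -> charset -> length limit (illustrative scheme)."""
    digest = hmac.new(master.encode(), site.encode(), algo).digest()
    if entropy_bits(len(charset), length) > len(digest) * 8:
        raise ValueError("requested length exceeds what the digest can supply")
    n = int.from_bytes(digest, "big")
    out = []
    for _ in range(length):                   # base conversion into the charset
        n, r = divmod(n, len(charset))
        out.append(charset[r])
    return "".join(out)


if __name__ == "__main__":
    master = "constructed-master-passphrase"  # constructed sample value
    # Same master, different site: unrelated passwords, regenerated on demand.
    for site in ("slashdot.org", "steampowered.com"):
        print(site, derive(master, site))
    print(md5sum_style(master, "slashdot.org"))
    # A site that truncates to 8 characters keeps far less than the hash had.
    for name, cs, ln in (("hex, 32 chars", HEX, 32), ("hex, 8 chars", HEX, 8),
                         ("94-symbol set, 8 chars", FULL, 8)):
        print(f"{name}: {entropy_bits(len(cs), ln):.1f} bits")
```

The entropy figures are upper bounds for the generated string only; the real strength of every derived password is capped by the strength of the master password.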
