Archive for July, 2009

New Blog

July 15, 2009 1 comment

Welcome to my new blog, hosted by wordpress.com. I am unable to import certain features, so I will have to change some stuff manually and it is going to take a while. If you notice any discontinuity between this blog and the old one, please let me know with a comment on this post. I am aware that the theme is different. Additionally, all links to other posts still link to my old blog. If you happen to see any of these links, let me know where it is and I will fix it.

EDIT: Bill fixed the links. All links to my old blog now redirect to my new one.

EDIT 2: The blogroll and other links have been fixed.

Categories: Off-Topic

A Full Endorsement of the Colemak Keyboard

July 10, 2009 3 comments

Everyone who spends more than thirty minutes a day at the computer needs to learn this layout. Sure, your fingers might not care too much now, but after years of typing on the infamous QWERTY keyboard, your fingers will not be pleased.

Why is QWERTY even used? Back when the mechanical typewriter was invented, key jams were common. To solve the problem, Christopher Sholes decided to redesign the keyboard so that key jams would be less common. But as a side effect, it actually made it harder on the fingers. And thus, the QWERTY layout was born.

In today’s world of computers, key jams are no longer a problem. But finger comfort is. In 1936, August Dvorak created the Dvorak keyboard, an optimized keyboard designed for comfort. Today, the Dvorak is available on most operating systems. But when Dvorak was designing his keyboard, he did not have computers to aid its design.

And that’s where Colemak comes in. Colemak, designed by Shai Coleman, is the keyboard of the modern world: fast, efficient, and fully optimized for computers. Why should you use Colemak?

Easy to access. It requires but a simple download, and you’re good to go.

Easy to learn. Learning a new keyboard layout is far easier than learning a new language. Not only that, but QWERTY is specially designed to be easy to learn. The dedicated practicer can be up to speed within a couple of weeks.

Easy to remember. You can fully retain knowledge of a keyboard layout just by typing in it for ten minutes every day.

Comfortable. In QWERTY, your fingers are jumping all over the place. Colemak gives them a chance to calm down. It simplifies the whole typing experience, and in the long run, your fingers will thank you.

Fast. Many users have experienced a burst in typing speed after learning Colemak.

========================

What do the users say about Colemak?

I am loving colemak. I feel less pain when I type . . . The person who invented it is a genius :D.

-nO_LAG

I’ve been practising touchtyping on Colemak . . . my hands don’t hurt anymore[.]

-Mirrorball

. . . I’ve never been more comfortable than in Colemak, so thank you Mr Coleman!

-Jack

Thanks for this fantastic layout.

-raymi

My qwerty speed was about 48 wpm . . . my typing speed with colemak is about 68 wpm.

-Turbulenz

Very satisfied . . . If you can make it through the first two months you will be rewarded!

-mac_colemak

The choice is clear: it’s time to learn Colemak!

Categories: Keyboards

Password Security

July 3, 2009 1 comment

How do you know if your password is secure? Here I provide some explanation as well as some tips.

MAKING A GOOD PASSWORD

Notice: All password length estimates are for moderate security; for extremely long-term or high security, the password should be half again as long. Longer than that is excessive. It is possible to get away with passwords about half as long (see this for some real-life timing data) but for a good security margin, passwords should be as long as my estimates. Modern encryption algorithms use 128-bit keys, even though according to Moore’s Law those won’t be breakable for another hundred years. Really secure systems use 256-bit keys, which won’t be breakable for another three hundred years if all goes well. So since encryption algorithms are conservative, I will also be conservative, and will assume a 128-bit margin of security. It is possible to get away with less, but a truly secure password should contain 128 bits of information.

In the best-case scenario, your password is a random combination of characters. And I don’t just mean letters: I mean all characters. There are 95 possible characters total (see Wikipedia). For good security, a completely random password should be at least 20 characters long.

But you’re probably like the rest of us, and have difficulty memorizing (not to mention typing) that sort of thing. So let’s restrict passwords to only letters (capital and lowercase) and numbers, allowing for 62 characters. A completely random password of this sort should be 22 characters long. But if it’s not random, you can still get away with the password being close to the same length; as long as it’s fairly unpredictable and relatively immune to a dictionary attack (see below), 25 to 30 characters should suffice.

If only lowercase letters are included, 28 characters are necessary to ensure security. Unless, of course, the password isn’t random. If it’s made up entirely of words, it should be more like 60 characters.

A password made up of numbers only is very impractical, and I don’t recommend it. Firstly, they’re hard to remember. On top of that, you need 40 random numbers to have really good security.
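The length estimates above follow from requiring alphabet_size^length >= 2^128. The sketch below is an added example, not code from the original post: it recomputes the minimum length for each alphabet and draws a password of that length from the operating system's CSPRNG. The function names and alphabet labels are assumptions chosen here; for digits the exact minimum is 39, which the post rounds up to 40.

```python
import math
import secrets
import string

TARGET_BITS = 128  # the security margin the post assumes

# The four alphabets the post discusses: 95, 62, 26 and 10 symbols.
ALPHABETS = {
    "printable": string.ascii_letters + string.digits + string.punctuation + " ",
    "alphanumeric": string.ascii_letters + string.digits,
    "lowercase": string.ascii_lowercase,
    "digits": string.digits,
}

def min_length(alphabet_size: int, bits: int = TARGET_BITS) -> int:
    """Smallest n with alphabet_size**n >= 2**bits, using exact integers."""
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two symbols")
    n = 1
    while alphabet_size ** n < 2 ** bits:
        n += 1
    return n

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of information in a uniformly random string of this length."""
    return length * math.log2(alphabet_size)

def generate(kind: str, bits: int = TARGET_BITS) -> str:
    """Uniformly random password over ALPHABETS[kind] with at least `bits` bits."""
    alphabet = ALPHABETS[kind]
    n = min_length(len(alphabet), bits)
    # secrets.choice uses the OS CSPRNG; random.choice is not suitable here.
    return "".join(secrets.choice(alphabet) for _ in range(n))

if __name__ == "__main__":
    for kind, alphabet in ALPHABETS.items():
        n = min_length(len(alphabet))
        print(f"{kind:13s} {len(alphabet):3d} symbols -> {n:2d} chars "
              f"({entropy_bits(n, len(alphabet)):.1f} bits): {generate(kind)}")
```

These figures hold only for passwords chosen uniformly at random; a human-chosen string of the same length carries less information.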

DICTIONARY ATTACKS

A dictionary attack is a powerful way of determining someone’s password, and you’ll want to be sure you’re protected against it. A dictionary attack is where someone looks through the dictionary and tries every single word to see if it’s your password. There are also variants that try, for instance, every word in the dictionary followed by the number 1, the number 2, etc. There are also more complicated variants that factor in multiple words and combinations of numbers.

It is acceptable if your password contains words, but they should be surrounded by numbers and/or random characters for protection against dictionary attacks. Try using a made-up word that only you know, or a number sequence that has a special meaning to you.

DIFFERENT PASSWORDS FOR DIFFERENT PLACES

See this site for more information.

Have some method of differentiating passwords based on what the password is for.

One way to generate unique passwords is to choose a base password and then apply a rule that mashes in some form of the service name with it. For example, you may use your base password with the first two consonants and the first two vowels of the service name. Say your base password is “asdf” (see how easy those keys are to type?). Then your password for Yahoo would be ASDFYHAO, and your password for eBay would be ASDFBYEA.
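The rule above, written out as an added example (not code from the original post). The function names are assumptions; "y" is treated as a consonant because the Yahoo and eBay results require it, and service names with fewer than two vowels or two consonants are rejected since the rule does not say how to handle them. The second function reports how much of each derived password is common to every site.

```python
import os

# "y" counts as a consonant, as in the post's Yahoo and eBay examples.
VOWELS = set("aeiou")

def derive(base: str, service: str) -> str:
    """Base password + first two consonants + first two vowels, upper-cased."""
    letters = [c for c in service.lower() if c.isalpha()]
    consonants = [c for c in letters if c not in VOWELS][:2]
    vowels = [c for c in letters if c in VOWELS][:2]
    if len(consonants) < 2 or len(vowels) < 2:
        # The rule as stated is undefined for names like "MSN" (no vowels).
        raise ValueError(f"{service!r} needs two consonants and two vowels")
    return (base + "".join(consonants) + "".join(vowels)).upper()

def shared_prefix(passwords) -> str:
    """Leading characters that every derived password has in common."""
    return os.path.commonprefix(list(passwords))

if __name__ == "__main__":
    derived = {name: derive("asdf", name) for name in ("Yahoo", "eBay")}
    for name, pw in derived.items():
        print(f"{name}: {pw}")
    print("common to every site:", shared_prefix(derived.values()))
```

Only the last four characters differ between sites, so the strength of every derived password rests on the base.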

HELPFUL TIPS

For most web pages, the password I use is a made-up word that only I know. It also has a special form of capitalization, making it even harder to guess.

For more secure purposes, I use two obscure words intermixed with a seemingly random number sequence that has meaning to me, but is virtually unguessable. I recommend something like that for good security. Additionally, though, I don’t just type the two words. Since I am fluent in multiple keyboard layouts, I can set my computer to use one layout but type in the other layout. The result is a string of apparent gibberish. (If I retype the previous sentence using this method, it comes out as “Fek lkjiof ;j s jfl;dg aw svvslkdf y;cckl;jep”.) It’s not hard to decipher if you know the layouts that I use (especially now that I’ve told you), but it makes the password appear random to someone who doesn’t know what I did. If you can do anything similar to this layout change, you definitely should.

Try having multiple words in your password, each in a different language. This makes dictionary attacks much harder, as two or more languages have to be searched. English has far more words than any other language, so try one obscure English word and one word in some other language. It could be an obscure word in a common language such as Latin, or just some word in an obscure language such as Swahili.

At this site, you can find some more info on password security, as well as a password security meter. Check it out.

Categories: Computer Science, Math