So sometime back around 2004, AOL first came out with the ability to forward instant messages to your cellphone when you were signed off of your computer or marked as away.  This seemed pretty cool, at first, because the cellphone I had just gotten at the time could receive unlimited incoming text messages, as long as I was in my home calling area.  Unfortunately, it got annoying quickly when my friends who didn’t understand the difference between “away” and “forwarding to phone” would send me a series of questions too long for text messages…

I decided on April 17, 2004, (yes, the date is correct, and no, I did not memorize it) to do away with such nonsense and just create a new account (similar to my current screen name, but ending in “phone” instead of “geek”) that would be set to forward to my cellphone, and never be signed on.  I doubt I’ve logged in to it more than twice in the years since, and I’d frankly forgotten about it until browsing through my buddy list tonight.  It’s been in my list so long that my eyes just gloss over it as another “Me” account…

At any rate, the point of this was not to ramble about an unused account that I’ve had for years and nobody besides Jared and Scott have probably ever used.  The point was to give a shout out to whoever maintains the databases at AOL, because man… 4 years without more than an extremely rare login, and they still kept forwarding messages for me, carrying my account information along from (what I would imagine is) database to database to database, and are still forwarding messages on my behalf to this day.

Kudos.

P.S. if you need to send me a message anytime and don’t want to burn your own sms/minute quota to do it, feel free to use AIM, or text.vzw.com.  My phone’s screenname should be clear from above, or just ask 🙂

Dear { Relationship },

{ Emotion } on the recent { victory | loss } for { Addressee’s Political Party } in the 2008 American general election.  I hope the long road to this { extreme adjective } night has been a fulfilling experience for you, as you told off those { derogatory adjective } { other political party members } with your cunning words, clever rhetoric, and inescapable logic time and time again.  The next four years are certain to be a validation of all your { hopes | fears } as the next administration { saves the world | sells our childrens’ souls }.

Between now and the next election, I have just a few small favors to ask:

Grow up.  Be responsible.  Admit your mistakes and work through them constructively.  Work with your fellow citizens, in spite of your political differences, to address the critical issues plaguing our society.

America needs, in some sense, to be reset, and it’s going to take serious hard work at every level to do it.

Please help.

It feels a fair bit like this, here.

…it’s an enabling cultural climate for socially inept people. So if you come here and you have any germ of antisociality, it will, like moss, take hold and flourish.

I gotta work on that.

I saw a post at Schneier on Security this evening that I wanted to highlight.  In light of the Palin email hack incident, Bruce Schneier discusses the “extra security questions” that various websites will ask you to verify your identity in case you’ve lost your password.  You’ve seen these: the things like, “What was your first high school mascot?”  As Schneier points out, these are the opposite of increased security.  In fact, they can make you more vulnerable, because they are usually quite easy to figure out.

Let’s see… Colin grew up in Green Bay, WI.  Even counting the parochial schools and allowing that he might live as far away from Green Bay as, say, a radius of one county in any direction, that will leave us what, maybe a dozen school districts and perhaps two dozen high school mascots to try?  Hmm… what is harder to guess: a 8-12 character password of letters and numbers (36⁸+…+36¹² = 4,784 million billion possibilities) to log in to my account, or a high school mascot (24 possibilities) to get the opportunity to pick the password to my account?  Even if I were from somewhere with a few more schools to pick from, say New York, the list is still, shall we say, “short” compared to the number of passwords an attacker does not have to guess.

Oh, and shucks… Looks like I just gave away the answer to “City you grew up in?”

Thinking about this reminded me of a related experience from a recent ordeal in opening a bank account.  Near the very end of the application, the bank pulled data from my credit report to “verify my online identity.”  Presumably, they were going to ask me questions that only I or someone with very intimate knowledge of my financial situation and history could know the answers to.  Well, two slight problems with that idea.

• Problem the First: They had one of the answers wrong.  Believe me.  I took the test 7 times over several weeks, and surprisingly, I happen to know exactly what type (mobile, land line, pager, etc) of phone number the number I gave them was.  Their answer (whatever it was…) was wrong.  How do I know that I didn’t get one of the other questions wrong?  Well…
• Problem the Second: They asked a question anyone could answer correctly:  “In what state was your social security number issued?”  This doesn’t seem so bad on first blush: after all, you’d need to know where I was born to know that.  Except for the slight problem that births are public record, so anyone who knew enough about me to forge a bank application but happened to lack my place of birth could readily guess and find out, and second: social security numbers are issued with the first three digits identifying the place they were issued in.  Oh, and the application just asked for that social security number, too… funny, that.

I’ll not claim to be the security wizard that Mr. Schneier is, but I do think it is a great idea to try to think things through, and hope I can encourage that for you as well.

For those security questions? I like answers like: “My high school mascot was a enT&)slelj3734lcnsf8a-1-&&+{”

You either trust yourself to remember your password, or you don’t.