sparkinson's comments

sparkinson | 13 years ago | on: The story around the Linode hack

Looking around there doesn't seem to be any news on a breach at name.com, official or un-official (aside from this of course).

It does have me worried however.

sparkinson | 13 years ago | on: Security incident update

Are you saying that you are happy to type in an entire sonnet when prompted for a password?

Being realistic, to expect someone to type in such a long password regardless of if they can remember it or not is clearly unreasonable.

sparkinson | 13 years ago | on: Security incident update

The thing is for your personal bank account a 15 character password is acceptable.

But for x many customer credit card details you're really looking for a much longer password than that. I'm talking 64 characters or more of pure random data.

You shouldn't be compromising for the convenience of being able to remember a password when it secures such critical data in my opinion.

Edit: I do agree though that your method is a very good way of remembering a password.

sparkinson | 13 years ago | on: Security incident update

Not really, just more than one person as is implied in the grammar.

Edit: These "making an assumption" arguments are silly. It is good practice to assume the worst case; to assume the best in this situation is bad.

sparkinson | 13 years ago | on: Security incident update

It'd be worth having a read of the logs, if true it appears that the attack was only to compromise a specific target.

The fraud won't occur till the database is released and the private key is cracked.

sparkinson | 13 years ago | on: Security incident update

I'd argue that actually it's better to assume the worst case here, not what it potentially could be.

That and the fact that an offline attack can be run on this key is not promising.

sparkinson | 13 years ago | on: Security incident update

> in our heads

So it's short enough to remember and likely has some sort of pattern. There's a limit to what a person can remember, lower if there are several people that have to remember it.

sparkinson | 13 years ago | on: My Very Own Protocol Droid

> I'd prefer a new foreign car that has certain limitations to a used Jeep that I can extend in any way I want.

Are you sure about that?

sparkinson | 13 years ago | on: Google Glass

I doubt it's robust and stable enough to use in a hospital yet.

sparkinson | 13 years ago | on: Google Glass

I believe the unit and frame are separate. As mentioned there are a few examples of the units being on standard glasses with lenses.

sparkinson | 13 years ago | on: Google Glass

I would have thought it'd pair with your phone, with the phone doing all the hard work. The glasses really just being a display and recorder.

sparkinson | 13 years ago | on: Google Declares War on the Password

That's just their small device (NEO). I have two of their normal sized ones that I use for several sites already for 2-Factor. The YubiKeys are actually pretty robust and safe enough to keep on a keyring.

The key to this is to still require something that you remember like your username (and/or a password), they will get stolen and it is too risky for these tokens to be the only authentication factor.

As long as users are educated that these tokens should in all ways be considered a set of keys then security can only be improved with them.

sparkinson | 13 years ago | on: Nokia: Yes, we decrypt your HTTPS data, but don’t worry about it

I understand that there is an expectation for Nokia to resolve this concern in some manner, but why do endpoint sites not simply block requests from the proxy?

I mean if I was a bank it'd probably be in my interest to protect my customers from using a known insecure proxy (regardless of who manages it).

sparkinson | 13 years ago | on: Ask HN: What web hosting do you use for your personal sites/blogs?

No need to spend a whole load of cash if it's only personal.

Check out http://www.lowendbox.com/ for some dirt cheap VPS deals and guides on how to configure a limited resource server if you're new to it.

I currently use two providers I found from there, 3 containers in total. Having more than one allows me to simply switch if a host goes down.

(For a static site, it can be quite fun to see how much you can squeeze out of 64MB of RAM.)