Friday, January 8, 2010

Security Done Wrong

If you know much at all about computer security, and more specifically authentication and passwords, you know that the problem is immensely difficult. You have to deal with the play between impossible-to-remember strong passwords and easily-remembered-but-easily-cracked user-created ones. It is not an easy problem to solve and it seems no traction has been made on this in recent years.

I did come across a case where someone has taken security to a ridiculous extreme. I was trying to order some transcripts from the University of Louisville and I haven't been a student there since 2002. At first it didn't seem so bad: I was able to dredge up my student ID number to get my username and then got my password reset. Great, that was easy, now just log in and request a transcript... Nope. I have to have a PIN to log in to the registration system, not my regular password that is used for everything else. No recovery option available either. Ugh. Grabbed the phone and called the registrar to get it straightened out. The man was very friendly, took my student ID and some authentication information. Good, sounds like he can help.

"Now the PIN is a 6-digit number that you made up when you became a student. If you were going to make a 6-digit number what would it be?"

My mind went blank. Ummmm?! "Maybe it was my birthday?"

"No sir, that is a date." This is when I knew I was in trouble. I tried the 6-digit form of my birthday and no dice.

"I really have no idea what it would be."

"Well then you will have to mail in the transcript request form."

"There's no way of retrieving or resetting it?!"

"No sir it was set by you and we cannot do anything to it."

What a terrible system. If you are a student using the system every semester to register and such (assuming registration uses the PIN) this would be fine. But is it a realistic expectation that I will remember a number I made up 8(!) years ago from a totally different place in my life?

"Sorry Mr. President we can't launch the Earth saving device until we get your identity authentication passphrase! You set it 45 years ago when you turned 18 and it's impossible to recover. Now what is it before humanity is destroyed?"


Monday, October 19, 2009

Is this really telling me something?

I was recently going through the October issue of Discover and tucked away in the back between pages of lame ads is the "September's What is This?" on page 75. It is a visualization of the Bible by Chris Harrison at Carnegie Mellon that uses colored arcs to show references between the books of the Bible. It also throws in length in verses for the chapters of the books along the bottom, a secondary viz of sorts.

This is all fine and dandy but I have to ask: What is This? *How appropriate eh? nudge nudge* To be fair, Chris makes it clear that he put together this viz to be "something more beautiful than functional." I'll give him this because a nice rainbow pattern emerges due to the arcs being colored based on distance of the reference. But he then goes on to say "At the same time, we wanted something that honored and revealed the complexity of the data at every level -- as one leans in, smaller details should become visible."

This leads into something I've noticed with visualization in general: in the end all these fancy new ways of representing data aren't really helping me draw any conclusions. The golden oldies are much more effective at the actual goal of visualization: "Visualization is any technique for creating images, diagrams, or animations to communicate a message" (from Wikipedia).

It may be my untrained eye, but this graph is not revealing anything about the complexity of the data. Is it simply that there is a fairly even distribution of long and short arcs? Anyone familiar with the Bible could probably tell you that. What else is going on here to make it worthy of being in Discover? I'm not trying to pick on Chris here, he's just a high-profile example of how I mostly feel about the "making graphs" part of the field. Especially while in grad school, I came across many projects that I simply looked at and said "So?"

Just to end on a positive note I think Chris's website design rocks.


Sunday, September 27, 2009

Conundrum of Choice

If you follow the Linux world at all you have seen the same questions asked and topics debated over and over again. Is this the year of the Linux desktop? What is holding Linux back? What's the best way to bring new people into the fold? Can grandma be happy with Linux? All free software or take a more accepting view of proprietary software?

While these are all important discussions I think the most important question discussed is whether there should be a "standard Linux." I've seen people get extremely flamed to Sunday and back for even having the guts to bring this up. But why is there such vitriol against the idea?

I've had family and friends ask me "how do you know all this stuff?" in amazement as I can tell them some way to fix their Windows problem from memory over the phone. How did I learn this stuff? Well, besides having to do it a million times, there is only one way to do it: "Open Explorer, go to Tools, ..."

In Linux this is not the case. At all. Sure, I can tell them to open up a terminal/console and type in some commands but the uninformed user shudders at this; clicking buttons is their comfort zone. This leaves Konqueror as the way to do things. Oh wait, it's not just Konqueror. There's Dolphin, Nautilus, Midnight Commander, Thunar, and on and on. What prompted this whole thought process is this editorial at ZDNet that is a rundown of the 10 best Linux file managers.

Even an experienced computer scientist like myself cannot keep track of all the different ways to do something in Linux. This allows for a wealth of customization and lets you do things your way, but this is really only a benefit to tech people who, let's be honest, can switch distributions and such as they please. An instance of the flip side for normal users occurred this summer. My students were working in a Linux environment and, though I told them to set KDE as their default, some people who had seen Linux before wanted to use Gnome. I let them, but later when they had problems translating KDE-centric instructions to Gnome I had to shrug and say "I don't know." This is where the "one to rule them all distro" makes sense: avoiding the huge hurdle that new users experience of getting help. Everyone joining the party would be in the same boat, everyday users could give each other tips, online guides would be simplified and they'd never find one for the wrong environment, and techie people would only need to learn the generic way and then whatever way they prefer doing things.

Ah but that would make too much sense. People will continue to bicker for all eternity because they don't want Ubuntu to become the standard over their beloved Fedora (replace those two with any other distros to your pleasing). They'll say it isn't in the spirit of Linux or that it's against free software because this Joe Everyman distro would have to include graphics drivers and media codecs.

Look at the rising popularity of Linux Mint and PCLinuxOS, the two that seem to have gotten the closest to this ideal. New users don't care about our tired and pointless debates, they are worried about practicality and usability. An article about the 10 best file managers isn't going to get their juices flowing like the rest of us.

To satisfy the grognards, isn't the spirit having a distro to suit everyone's needs? This distro-for-everyone would serve the users who don't care about customization and choice, the people coming over from Windows or Mac that are used to being told how they should accomplish something. If we are honest with ourselves these people are not using Linux now, so this new distro probably would not hurt the existing distros that much.


Wednesday, August 12, 2009

Graphing in Python

To begin, let me explain the project briefly: I set out with this project to learn a little more about grabbing data from the web, processing csv/xls, and most importantly graphing in Python. I decided to investigate the question of whether gas and oil prices are tied very closely because we all notice how much gas jumps up, apparently for no reason. For more information about the results see my Sugary Donut blog entry.

What I want to discuss here is Python's graphing capabilities. There are no language features for it, but plenty of people have developed libraries for it. I initially considered cairoplot and matplotlib but dismissed them as being "too big and complicated." I wanted something simple, quick, and without dependent packages. gnuplot got rejected for similar reasons as well as just not looking cool enough (imagine that, an ugly gnu tool *rolls eyes*). I initially started with PyGoogleChart and I immediately hit the problem that the graphs were of limited (re: poor) quality. This made me move on to PyChart, which looked like a well-maintained project. I again ran into graphs of small size but also had trouble displaying the data in the way needed. The largest stumbling block was getting the dates to display along the bottom. I found examples of this convoluted solution of associating values with each date (so the values are plotted and the dates become the labels along the axis) on the PyChart website. However, I never really got this to work the way I wanted and it felt like a hack... the bad kind. Thus I gave in and decided to give matplotlib a try and I wish I had chosen it to begin with. It easily handled date data for one of the axes and required no coaxing or hacks to get the graph I needed.

My complaint with matplotlib (as well as the others) is poor documentation. There's no "here's the easy explanation of how to do this stuff." To get the matplotlib stuff finalized I had to dig through FAQs, various examples, and the API documentation just to get a simple graph to look the way I wanted it to. Yuck.

Check out the code


Friday, July 24, 2009

Apple Snags Coveted Market Segment

Daily Tech mentions a Business Insider article that talks about Apple dominating the >$1000 computer market with a whopping 91% market share. I have to say that that percentage is impressive no matter what, but upon further thought it may not be as big a deal as some are making it out to be.

The first thing to note is that it says other makers are "stuck" in the sub-$500 range. In June the average computer price was $701 with PCs averaging $515 and Macs $1400. Because the average of these numbers is nowhere near the given average I'm not sure what they are including in those categories.

Anyway, I would say there are only a few types of PC buyers. Tech people (who could go either way), Mac lovers, and everyone else. "Everyone else" largely buys those cheap PCs for various reasons and Mac people try to steer them into Macland. Thanks largely to the success of the iPod-iTunes combo along with the iPhone, Apple has been gaining a lot of users. But do these people have a choice? Apple doesn't exactly offer a cheap computer, so this for one skews their numbers. Side note to Apple: if OS X is so efficient and stable why not release a cheaper computer with toned down specs and try to gain even more market share? Might as well ride the "Apple is hip" wave while you can. I have a feeling they don't do it because it would cannibalize their high-price (and high-margin) hardware.

The second skewing point is the (probably larger) portion of the "tech people" crowd that opts for a regular PC, which includes the gaming crowd. These people generally know their way around inside the computer and, as a result, are more likely to build a computer from scratch and then might upgrade rather than purchase a new one. They can even do this for the "everyone else" category. These numbers don't show up as a PC sale and I believe could make a significant impact on market share percentages, especially because few Apple users upgrade and Apple itself doesn't exactly make it easy.

A little food for thought when considering the market share. But, as I said, impressive for Apple nonetheless, who is on quite a run even in these dark economic times.


Thursday, July 2, 2009

The Minimalist's Assertions

The other day, Linux Today had a news item linking to this site. Yet another blog link of someone shouting at the ether that somehow made the news. Maybe I'm just jealous I don't make the news; that's good though, that means I'm still undiscovered and real. I'm not sure this particular piece should have because the points given are so hackneyed it's not even annoying anymore. It did make me think about the overall philosophy though. Why do the supporters of the minimal distros keep beating the same drum over and over?

The points this guy presents:

1. A slower release cycle.
2. Speed.
3. Stability.
4. Minimalist install.

I'll skip his last point about the brown color scheme because that's too much of a personal opinion thing.

I think his points are valid from a narrow point of view of a technology enthusiast, but my argument is that for the everyday user or even the lazy technologist like myself, these aren't all that important. We want an easy-to-use box that gets out of the way to let us do more important things, like waste time on Gmail.

These are obviously important to the community because, as I said, these points get reiterated every so often, but why? I have to wonder if it is because the new users coming into Linux are not interested in the "hardcore" distros and the people who love them are feeling threatened. Ubuntu, SUSE, PCLinuxOS, and others are all expanding the Linux audience and I am extremely excited about this. I think that the nerd market already knows about Linux and has been using it, so these new users will more and more become, by a large percentage, casual or non-tech people. And this means that Slackware and the like will continue to be pushed to the fringes, which always brings up the problem of irrelevancy over the horizon and exodus of developers/users. Yes, these casual people could eventually desire to learn more and try something like Slack, but let's be honest in the fact that this probably will not happen. Ease of use is number one for a lot of people and I think that's truly the divide between Slack and Ubuntu (and others that fall in each category).

To give a personal anecdote, I've been using Linux for many years now, have a graduate degree in computer science, and generally am patient enough with misbehaving technology to root out the problem and fix it. Twice now I've gotten the gumption to install Arch because I'll be in control. I'll make the decisions. It'll be MY computer. I'll "learn Linux" instead of "learn Ubuntu." But what happens is I get tired of messing with the OS instead of messing with whatever I'm trying to accomplish. I will admit my second go at Arch was much quicker and seemed to have a little more automagical configuration than I remembered from the first install. There is a fine line that Arch (Slack, etc.) take a small step over in pushing things onto the user that should happen automagically because it just doesn't matter. Setting up hardware is the best example I can give here: I don't care how my sound card is configured, just do it so I don't have to figure out that I have to unmute some channel in the command-line alsamixer.

But that's the beauty of Linux distros, there's something for everyone.


Monday, June 15, 2009

You eyeballin' me, snake?

A large part of my summer class at Duke TIP this year involves making games with PyGame. Not having used it before I've been teaching it to myself in preparation for class, so I have been on the site for tutorials and documentation quite a bit. I'll probably post a lot of my thoughts on both teaching with Python and Pygame and Pygame in general as I dig further into my course. For now, I just wanted to say the main snake logo on the top of the PyGame site surprised me yesterday. I noticed that the image is actually animated and the snake's left eye (the viewer's left, that is) moves every second or so. This "feature" may have been there for quite some time, but this is the first time I noticed it so it caught me off guard and made me smile!
