Passwords: Secure websites thwart security

November 26, 2007

I’m so #*&@*$! frustrated with websites which limit the range of characters I can use in passwords.

I’ve adopted the fairly standard approach of creating three username/password pairs: one for high security sites like banks, one for medium security things like gmail, and one for low security sites. This means I only need to remember three sets of things, and if one is compromised, it only compromises sites at similar security levels.

I choose reasonable passwords for each. E.g., fairly long (more than 10 characters), mixed case, including digits and special characters.

However, this only works if all sites accept passwords that are that good. Or, if you’re willing to compromise password strength, it only works if there is a password, any password, that all sites will accept.

Unfortunately there isn’t such a password.

I use sites which variously require:

  • No more than 5 characters. (Think PIN.)
  • No fewer than 6 characters.
  • Must have a special character.
  • No special characters allowed.
  • Must have a capital letter.
  • Only numbers allowed. (Think PIN.)

So there is no single password which can work across these sites.

You’d think that all bank sites (at least) would allow long passwords of any characters. However banks are typically the worst, frequently requiring a PIN (exactly 5 numbers). (For some reason, their website passwords must also work at ATMs.)

So not only am I forced to use a less secure password, I’m forced to create more passwords than I need (and than I can remember). So I’m forced to write them down — another insecure practice.

Why are there ANY websites today which disallow long passwords made up of any characters? (Since passwords should really be stored as secure hashed values of the strings, never the actual cleartext, any length string of any characters should easily be allowed.)
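The point in the parenthesis above, as an added example that is not part of the original post: a salted scrypt hash turns a password of any length and any characters into a stored value of fixed size, so the storage side gives a site no reason to restrict either. The scrypt parameters, the 4096-byte input cap and the sample passwords are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional

# Assumed parameters for this sketch; they are not taken from the post.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_LEN, DIGEST_LEN = 16, 32
MAX_INPUT_BYTES = 4096  # generous cap so hashing cannot be abused to burn CPU


def _encode(password: str) -> bytes:
    # Normalise first so the same passphrase typed on different systems
    # yields the same bytes, then accept every character as UTF-8.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    if not data or len(data) > MAX_INPUT_BYTES:
        raise ValueError("password is empty or longer than MAX_INPUT_BYTES")
    return data


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || digest, always SALT_LEN + DIGEST_LEN bytes long."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.scrypt(
        _encode(password), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DIGEST_LEN,
    )
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    try:
        candidate = hash_password(password, salt)[SALT_LEN:]
    except ValueError:
        return False
    return hmac.compare_digest(candidate, digest)  # constant-time compare


# Constructed samples: a PIN, a mixed passphrase, non-ASCII text, a long string.
SAMPLES = ["12345", "Tr0ub4dor&3-long-passphrase", "pässwörd with spaces ✓", "x" * 500]


def stored_lengths():
    # Every sample, whatever its length or alphabet, stores as the same size.
    return {len(hash_password(p)) for p in SAMPLES}
```
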


Portland Streetcar: Pain, but no gain

November 16, 2007

Portland has a streetcar.

You can walk as fast as the streetcar. So if the streetcar isn’t there to pick you up exactly when you arrive at the stop, you might as well walk; the streetcar will never catch up with you.

But I always believed that, should the miracle occur that the streetcar is there waiting for you, you should get on. I discovered I was very wrong.

One day while riding the streetcar, we got stuck because of an illegally parked car outside a hotel. The car was slightly blocking the tracks. From talking with the streetcar driver, apparently this happens very frequently outside this hotel!

It turns out that, even though we were stopped, right next to a sidewalk, with no immediate hope of moving, the streetcar driver is not allowed to let us off (since we weren’t at an “official stop”). But neither is she allowed to call the cops to have the car ticketed or towed. (Did I mention she said this happens frequently !!!)

She did what she said she always does: called her Tri-Met boss who called the hotel to ask that they try to get the car moved. And 15 minutes later someone moved the car.

Now think about this for a moment.

I suspect the hotel will never do anything to prevent future abuse. Why should they? They get a nice phone call from Tri-Met when it happens, and the hotel patron apparently finishes their checkin before moving the car. Very convenient for the hotel.

But what about the 20 people held hostage inside a parked Streetcar?!?!?

Instead of being forbidden to call the police, why isn’t the Streetcar driver required to call the police? Why isn’t the car impounded and, in addition to the car owner, the hotel fined or rebuked? I bet that would ensure the hotel clearly marks the parking spots and that, when a new guest enters the hotel, the staff rush to them to ensure they haven’t illegally parked their car.

Oh, and Portland is going to extend and add additional streetcar lines because it’s such a success.


SOLUTION to iTunes: I’m not done listening to that!

November 9, 2007

Hallelujah! I figured out a solution to my previous rant about iTunes removing podcasts from my iPod before I wanted.

With the iPod plugged into iTunes (7.4.3.1), navigate to your iPod (under Devices). The displayed page typically shows the “Summary” tab; select the “Podcasts” tab. I was using the Sync “all new” setting. When I change it to the “all unplayed” setting, I get the behavior I want: It leaves podcasts on my iPod until I have played beyond the end. (At which point iTunes will display a non-empty “Last Played” date for the podcast – but only in the Library / Podcasts screen, not the Devices / my iPod / Podcasts screen.)

The key here is that:

  • “new” means never started listening to
  • “unplayed” means never finished listening to

This appears to be the opposite of what Apple’s FAQ states:

If you are syncing podcasts automatically to your iPod, do not set the Podcast Preference in iTunes to keep only your unplayed episodes. If you select this setting, listen to part of a podcast on your iPod, and then sync, the podcast will disappear from iTunes.

And this seems to be because at some point Apple changed their terminology from just “unplayed / played” to “new (unplayed) / not new (unplayed) / played”. (See this thread.)

And why is it I can never find all these useful postings until after I’ve figured out the solution? Once I know the solution, I know the right search terms to use. Just like you can’t use the dictionary to learn the spelling for a word without already knowing how to spell it.


iTunesU: More than a podcast? Unfortunately, less.

October 30, 2007

iTunes now has the iTunesU section where universities can post content, typically class lectures. It allows universities to have a more organized and branded presence in iTunes than just a collection of podcasts.

But let’s be clear. These are still, at heart, podcasts.

That’s not bad; in fact, it’s good. Because the capabilities provided by the podcast mechanism fit perfectly with what a lecture series needs.

Listeners need a way to subscribe so that they automatically receive new lectures in the series. They need a way to listen to a long lecture that allows interruptions and remembers their place so they can return to it. And they need a way to remember which lectures they’ve listened to and which they haven’t yet heard. Exactly what a traditional podcast accomplishes.

Why then do hardly any iTunesU downloads avail themselves of any of these features?!

(Insert expletives between every other word in the preceding sentence.)

I.e. why can’t all iTunesU offerings do the following?

  • Offer downloads through regular podcast subscription.
  • Check the Remember playback position option.
  • Check the Skip when shuffling option.
  • Have them show up in the Podcast list until they’ve been completely listened to. Then have them disappear.

I am soooo frustrated every time I download from iTunesU and forget to manually check Remember playback position and Skip when shuffling. I seem to repeat this scenario endlessly: I listen to half of a 90 minute lecture on the bus going to work. At work I listen to music (occasionally shuffling from songs into another 90 minute lecture – oops). Then on the bus home, I discover that I’ve lost my place in the morning lecture. (But universities must think that a fit punishment for not enjoying the lecture in a single sitting.)

Some will be quick to point out that, because the universities assume I won’t want their downloaded lectures automatically deleted from my iPod or iTunes after I listen to them, I must not want a traditional podcast. While this might be typically true for an enrolled student taking the class for credit, I believe it is typically not true for the rest of the world.

My point is to give us a choice. Why not make the lectures available both as a traditional podcast and a new pseudo-podcast? (Will you at least enable the Remember playback position and Skip when shuffling options? Who would not want that??)

My understanding is that this is not a limitation of iTunesU, but a choice made by the particular iTunesU author. And that even though none of the universities I listen to enable these features, there are some who do. I.e., it is the choice or inexperience of the university which causes this.

If it’s inexperience, I’m surprised Apple doesn’t do a better job of giving guidance. Ditto if it’s choice, actually.


iTunes: Each playlist needs a checkbox

September 28, 2007

Like individual songs, each playlist needs a checkbox to decide whether it gets sync’d to an iPod or not.

I have lots of playlists; only a few are relevant to my mobile listening needs. But I’m forced to scroll through a ton of playlists on my iPod to find the relevant ones.