Saturday, August 1, 2009

how to choose secure passwords

"I need to change the password on my email account. Someone managed to figure out the old one."
"That's why your password should always include numbers as well as letters. Everyone thinks it's fun to use the name of your dog or boyfriend, but that actually makes it easy to crack."
"My old password was Gj7B!X."
Greetings from a former RCC. This post exists because a friend fell for phishing, and it worked due to universal password usage. Universal passwords are bad, bad, bad. *finger wagging*

Guidelines for password selection:
  • use at least one number and one letter.
  • use both upper and lower case letters if possible.
  • also use at least one special character or punctuation mark (if permitted).
  • make it at least seven characters long.
  • do NOT use dictionary words (especially in English), names of people/pets, addresses, birthdays, SSNs, driver's license #'s, passport #'s, variations of your usernames/aliases, or phone numbers. Or, for that matter, fundamental constants (e, pi, the speed of light, the square root of 2), sequences of perfect numbers, or the Fibonacci sequence. If you do choose one of the irrationals, don't start in the first five digits or so.
  • do NOT use patterns on the keyboard (e.g., qwerty, ;lkjh, or 2468).
  • and change your passwords every three months.

You might ask: how the hell am I supposed to memorize a unique something like Q34jp$s! for every account I have? And change it every three months?! Who do you think I am? River Tam? Veronica Mars?

Actually, it's easy. Pick a novel, movie, or a book of poems. Pick a page/passage/quote at pseudo-random. Pick a sentence with a number in it. Use the first character of each word, preserve punctuation, and use actual digits to represent the numbers, or constructions like "some1" if you're really desperate for numbers. (Okay, fine, you can take every prime-th decimal digit of pi. I'll allow you that.)
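The recipe above, together with the mechanically checkable items from the guidelines list, as an added example that is not part of the original post. The sample sentence, the number-word table and the extra "asdf" pattern are constructed assumptions; dictionary words and personal details are not checked.

```python
import re
import string

# Number words become digits ("use actual numbers"). Assumed, partial table.
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8",
                "nine": "9", "ten": "10", "eleven": "11", "twelve": "12"}

# Keyboard runs named in the post, plus "asdf" (added here as an assumption).
KEYBOARD_PATTERNS = ("qwerty", ";lkjh", "2468", "asdf")

# Constructed sample sentence, not taken from any book.
SAMPLE = "It took three days, and Anna still lost 2 of the 7 keys!"


def mnemonic_password(sentence):
    """First character of each word; punctuation kept; numbers as digits."""
    out = []
    # Tokens: digit runs, ASCII words (apostrophes allowed), single punctuation.
    for tok in re.findall(r"\d+|[A-Za-z]+(?:'[A-Za-z]+)*|[^\w\s]", sentence):
        if tok[0].isalpha():
            out.append(NUMBER_WORDS.get(tok.lower(), tok[0]))
        else:
            out.append(tok)  # digits and punctuation pass through unchanged
    return "".join(out)


def failed_guidelines(password):
    """Return the guidelines from the list above that the password misses."""
    failures = []
    if not (re.search(r"\d", password) and re.search(r"[A-Za-z]", password)):
        failures.append("needs a number and a letter")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        failures.append("needs upper and lower case")
    if not any(c in string.punctuation for c in password):
        failures.append("needs a special character")
    if len(password) < 7:
        failures.append("needs at least seven characters")
    if any(p in password.lower() for p in KEYBOARD_PATTERNS):
        failures.append("contains a keyboard pattern")
    return failures


if __name__ == "__main__":
    pw = mnemonic_password(SAMPLE)
    print(pw, failed_guidelines(pw))        # the derived password passes
    print(failed_guidelines("Gj7B!X"))      # the comic's password: too short
```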

Now you have secure passwords. Remember, passwords are like underwear. Change often, don't share.

Current music: Slow Runner - Make you love me


Tuesday, May 12, 2009

H1N1: pandemics in perspective

My dear critical readers, I know you're a smart bunch. I recognize the need to not freak people out, but seriously: what is wrong with the presentation of the following data set?
WASHINGTON (CNN) -- The swine flu virus that has sparked fear and precautions worldwide appears to be no more dangerous than the regular flu virus that makes its rounds each year, U.S. officials said Monday. [That's last week, Monday a week ago, mind you.]

"What the epidemiologists are seeing now with this particular strain of U.N. is that the severity of the disease, the severity of the flu -- how sick you get -- is not stronger than regular seasonal flu," Homeland Security Secretary Janet Napolitano said Monday as the worldwide number of confirmed cases of swine flu -- technically known as 2009 H1N1 virus -- topped 1,080.

The flu has been blamed for 26 deaths: 25 in Mexico and one in the United States, according to the World Health Organization.
First, reporting the raw numbers of deaths in the upswing of an epidemic tells you nothing about the dynamics of the situation. Moreover, "how sick you get" or the severity of the illness is NOT the same thing as how "dangerous" an illness is. I don't know if I'm the only one who thinks this, but I would evaluate the "dangerousness" of an illness as its fatality rate, that is, if you get sick, this is the probability that you will actually die. For instance, the probability you will die in a given skydiving jump is 1 in 100,000 (0.001% fatality). [1] Similarly, "you would have to jump 17 times per year for your risk of dying in a skydiving accident to equal your risk of dying in a car accident if you drive 10,000 miles per year." [1]

The fatality rate for the 1918 H1N1 flu was > 2.5%, as compared to < 0.1% [2]. In comparison, the fatality rate is about 0.1% for the Asian and Hong Kong flus [3]. Let's take a quick, back-of-the-envelope look at the numbers for the 2009 H1N1 virus. It has been in Mexico the longest, so we have the best sample size in terms of latency. 58 deaths divided by 2,282 cases gives us 2.54% (5/12/2009), which looks pretty similar to the 1918 H1N1 virus.

There are a couple ways of looking at this. The fatality rate of swine flu is approximately 1 - fatality of anthrax (in 2-3 days). And given the population of the planet, even anthrax has no chance of ending civilization. And the Black Death, depending on your geographical region, killed 20-80% of the population. (The fatality rate of the bubonic plague is supposed to be in the neighborhood of ~50% in 3-7 days without treatment.) In comparison, the fatality rate of SARS was ~9.6% (globally, with medical attention), even though it varied widely by region. [4]

So... no, it's not the end of the world. 2.54% risk of death is not large in the grand scheme of things (looking at the planet as a whole), but it's pretty high for normal life. And remember, this is risk without potential reward, thrill, or even entertainment. On a personal level, my fatality risk acceptance is ~1% for, say, the magical granting of a superpower of some kind (the alternative being 'life continues as normal'). Higher if I get to choose the superpower in question. Maybe about ~0.1-0.01% if I only level up. (Those who know me know that I am generally not at all risk-averse. For instance, when playing video games, when you don't die in real life.)

Seriously, wouldn't you rather go skydiving instead? Yes, go skydiving about 50 times a year for the rest of your natural life (assuming you're 25 now...)? Or go skating on thin ice? If there's a medical team within reach, your risk of death from hypothermia is relatively low.

Don't. Panic. But go wash your hands.

Current music: t.A.T.u. - Белый Плащик


Thursday, March 26, 2009

Speaking of business models with large revenue streams while making absolutely no real contributions to society...

When the RIAA strikes, the settlement funds do not get paid to artists, but instead fuel the system, accelerating the cycle of litigation.
Settlement payments can be made on a website, where the funds are used to sue more defendants. None of the money is paid to artists.

The quick settlements have left largely unexamined some basic legal questions, such as the legality of the RIAA's investigative tactics, and the question of what proof should be required to hold a defendant liable for peer-to-peer copyright infringement.
(Source: Wired)
Ummm... wait, why is this still an issue? Oh, right, this is why.

Here's a not-so-radical idea. Consider the model of the initial release of Radiohead's In Rainbows, where customers could pay whatever price they deemed appropriate for the music. Let there be a site where fans can pay artists directly an amount they deem appropriate, that is, knowing that the musician's cut is around 60 cents per song download (do correct me if other sources differ). That way, fans can retroactively contribute to the lives and livelihoods of musicians whose work they like after being affected by their music.

And even if you're one of those people who only listen to music on Pandora (or primarily/exclusively to artists who release under creative commons), you could contribute to your favorite artists, a bit like giving them a proportional thumbs up in the scaled, quantitative democracy of capitalism.

Scarcity of replicable goods/services/media is simply not a property of the Information Age. Scarcity of eyeballs is. The wise have already realized the emergent characteristics of this paradigm shift.

Current music: Peter Gabriel - Down to Earth


Friday, February 13, 2009

An Immodest Proposal: how to pay for the bailout and help people at the same time

The bailout is going to cost taxpayers, both present and future, a huge amount of money, something for which we'll be scrambling to turn out our pockets for generations. So, here's an immodest proposal.

Issue a special-issue low-yield bailout savings bond, available in 500K or 1 million USD denominations, marketed at potential immigrants to the U.S. If you are a permanent resident (green card holder), and you purchase a 500K bond, you get expedited U.S. citizenship, and if you are a non-permanent resident, the purchase of a 500K bond will get you expedited permanent residence status. Or you could buy 1 million and go straight to citizenship. The usual residency requirements will still apply (which would have a large positive impact on the housing market).

The population of the United States is a little over 300 million. The increase in population would be a drop in the bucket. Moreover, this would be a self-selected population, evidenced not only by the willingness to pick up and leave their country of origin (thus entrepreneurial in spirit), but also in shelling out half or one million US dollars. The individual who can afford to shell out/lock in 500K or 1 million USD, given a residency requirement, will very likely be spending significantly in the U.S. economy, thereby speeding up the economic recovery even more.

Of course, you might ask, who is the target market here? There are wealthy parents in China who easily spend a couple million dollars for their child to go to school in the U.S. (housing costs, navigation of bureaucracy, etc.), some to escape the grueling examination system which still suffers from a low number of slots for the number of students, others because they wish to seek a long-term existence in the U.S. anyway. So, grant them citizenship. Make life easier for everyone. It'll be worth a couple million to them, and the economy needs it.

Current music: Bon Iver - The Wolves (Act I And II)


Monday, January 26, 2009

Happy New Year!



Look at it as a humorous, insightful commentary on China in modernity. Jay Chou rapping with a little break-dancing kid (who's probably kick-ass at wushu) about medicinal herbs in front of a giant dancing ginseng, and then traditional drums, trimmed with LEDs, beaten on by nunchucks.

As a child, I was given a necklace with 卿 (prime minister) inscribed on one side of a gold pendant and Zhuge Liang on the other side, and told that Zhuge Liang, the master of statecraft, would watch over me and protect me.

Red Cliff is highly aesthetic, both in the Inara dimension (palace scenes feel like Hero) and the action-dripping-with-style dimension (visualize Infernal Affairs). Musically, well-composed. In the Zhuge Liang and Zhou Yu musical duet scene, you really can decipher their communications by listening to them play. ("But, sir, you haven't even talked about the war.") But the pacing of the film is more reminiscent of Baraka. A lot of time is spent carefully setting up the scene, building up the action, methodically hanging Chekhov's guns on the wall, an air of 'just-bear-with-me-a-moment-longer' anticipation. And when you think that which you are looking forward to is about to happen, you see in bright red calligraphy: "to be continued."

If I searched my memory carefully, I might have recalled seeing two posters for Red Cliff, one for each installment of the two-part film, but in the intervening time, it had truly slipped my mind. But seriously, what is it about an aesthetic cliff-hanger that jerks us forward by the wrists until it's difficult even to return a proper glare to the source of the motion? And to quote someone else's review of Red Cliff II: Those who had lamented the lack of big battle sequences in the first film, well, you can continue to lament as this one only had ONE which takes up almost the last hour.

Current music: Faye Wong - Ban Tu Er Fei


Friday, December 26, 2008

Melpomene: can you describe this?

She longed to do something that would prevent her from turning back to Tomas. She longed to destroy brutally the past seven years of her life. It was vertigo. A heady, insuperable longing to fall.

It is actually warm in the middle of a Chicago winter. There is mist tumbling headlong down the empty suburban street, eerie with presence. Not because white wispy things are ghostlike and fill the air with a sense of depth and distance, though they do, but because we are creatures of habit, of motifs, glorified coincidence detectors straining out drops of meaning where there might be none. The snow is melting with re-refrozen ice like the aftermath of an arctic valentine. Fog pours through the trees of the forest preserve among the starkly black tree trunks, naked with winter. It could be the photographic negative of itself.

In the sunset of dissolution, everything is illuminated by the aura of nostalgia, even the guillotine.

It is not a dry season, but it is a dry season. Eurydice and Persephone have descended for some time now, and we hold our breath. There is a dream where I descend a downtown building, turn down the street with trees done up in lights. But it bears no resemblance to a Chicago winter -- the dark evergreens have no snow, and it is a temperate evening. And I am being followed by an observant presence; I don't fear it any more -- it is not a bad presence, even oddly protective in a way. But its invisibility and intangibility are disheartening. It follows me along the path past the sandstone bridge among the teeming greenery into a park, also sparkling with holiday lights, like high notes falling in the air. It is a gasp in that breath held for seasonal deities. The others in the park can not even sense it.

Miles of veins fan out like a road map.

It's the nth piece in a series of this variation on a theme, dreams which began rather horrifically at the beginning of the week. The presence's existence depended on its proximity to me and I, fearing its otherness, banish it repeatedly, only to see it return, scarred a little more each time, like a disintegrating rag (hold on, love, to the rage that sustains you now...). The formless thing condenses to water in my hands only to slip through my fingers, and return to formlessness. I can search for it. Or for the book of mirrors. I know I am looking for the photographic negative. Debussy realized rain falls in minor thirds. The interval is constant even if its placement is shifted each iteration. It falls at a slant in the distance never reaching the earth.

Current music: Jon Brion - Spotless Mind


Saturday, October 25, 2008

the sea is wine red

The 'Princess of Nebraska' noted that 'moving on' is at core an American concept. Sever your connections to the past and reinvent your identity. Come full circle in a helical fashion. Remember the child who wanted to break free from something she couldn't define. The shadow of a once-perfect garden, flawless precisely for being imaginary. Mostly. Real enough to run from, turn from. Avoid anything that shares some common element with that. Remember being her. The world is full of possibility, chaos pursues its own order, normative and imperative statements are irrelevant. There is only: I can do this. I can staple around the pages of the past seven years of my life and say, here lies a chapter.

Here is the masquerade of detachment, desire long held as a biohazard in containment. Here is all the hurt, rage, regret, and disappointment this wisp of a body was capable of holding and experiencing, encased in a neat pellet. Here is the scene with Charles Townsend, "She weeps for the lively, vivacious girl she once was," swallow this, and make misery beautiful. Here, a volcano was muted so long its face was washed into the earth, and we are left with a cork still looming. The Devil's Tower shadows the plains, marking time like a sundial, memory without its container. Please God, make me a stone.

Current music: Blue Foundation - As I Moved On
