Re: Passwords: does size matter, what characters?
> MySQL has a password() function that can do the hashing, At least one of the common MySQL password hashing functions only cares about the first 8 characters of the password; the rest can be anything. I prefer to use MD5 for the hashes. --DTVZ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Used Laptops (was Re: METROCAST BLOCKS RESIDENTIAL E-MAIL)
I'm CCing my reply to the list because it sounds like Christopher meant for his question to go to the list. Christopher Chisholm wrote: I've been keeping my eyes out for an old laptop HD for a while.. I really want one of those USB 2.0 enclosures on a small drive, but the ones they sell are crazy over priced. I just want something like 5 gigs or more for some music/work files. Does anyone know of a good place to look for something like this? I usually check e-bay the past few times I've looked there wasn't really anything very cheap. I've not seen very good prices on laptop hard drives. They always cost more than 3.5" drives. About the only way to get them for cheap is to take them out of your old notebook when you get a new one, or if you put a bigger drive in your notebook.--I got mine when my old laptop stopped booting. I found some decent USB 2.0 enclosures at CompUSA. They're by Norwood Micro, and look kind of like an iPod. They're white plastic with aluminum cooling fins. Also, unlike most of the other enclosures I've seen, they don't require a second USB power adaptor. It gets all its juice on the one USB line. I've been using it for over a week now with good results. They cost about $25. thanks! -chris ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Used Laptops (was Re: METROCAST BLOCKS RESIDENTIAL E-MAIL)
John Abreau wrote: I've had good luck with eBay. I picked up an old Thinkpad there a few years back for about $180, and it still works well today. I thought of ebay, but I've not used my ebay id in about 6 years, and I'd rather not go that route. I found a couple sites today that sell refurbished laptops and they even offer warranties. Www.usanotebook.com looked like a pretty good place to go online. I think I'll do some looking around in the Salem (NH) area. I'll check out Microseconds and PCMax. It's funny, in a way. For $700 dollars you can get a brand new, low-end notebook, or you can get a mid-range notebook that is one or two years old that has better specs than the brand new one. I'm definitely going the used route this time around, as it is not going to be my primary computer system. Cheers, Jason ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Used Laptops (was Re: METROCAST BLOCKS RESIDENTIAL E-MAIL)
> I've had good luck with eBay. I picked up an old Thinkpad there a few > years back for about $180, and it still works well today. TigerDirect has reconditioned IBM T23's for $500 -- used with some protection and not a bad system. -- Bill [EMAIL PROTECTED] [EMAIL PROTECTED] ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Passwords: does size matter, what characters?
Ted Roche wrote: Designing a web site for a client, he asked what the general guidance was for passwords. Users are going to be logging into the site (just plain http initially, no banking info, SSNs or credit card numbers, all that comes after SSL and first round financing). Looking around, web sites I visit are all over the place and some are nonsensical (no more than 8 characters), others require a minimum of five, six, some allow alphanumeric but no punctuation. I usually throw in upper-, lower-, numeric and a punctuation symbol or two. Is there some reason to shy away from letting the user type whatever they want, assuming you escape it properly in HTML and the destination database? Not allowing them to use their login ID seems like a good minimal rule. > > Are there "commonly accepted guidelines?" > Let them enter what they like. I usually add punctuation to my passwords and have a little C program that outputs passwords of various lengths (the length is specified as a command line parameter). These passwords resemble line noise: ~mgMs;T!--I get frustrated with sites that won't accept punctuation. It's not difficult if you remeber to encode and decode the strings properly. The browser should encode it when sending it over, so decoding it properly is your main concern. I actually store my passwords for various web sites as plain text in a mysql database. I keep the passwords for my workstations and servers in a little notebook along with various notes about little admin tricks that I've picked up, etc. (Yes, I know, they aren't stored in the most secure manner, but I believe it is safe enough for my purposes.) If you're storing these in a database for web site authentication purposes, then you'll probably want to store a hash of the password and not the actual password. This is "safer" in case your database/server gets hacked. To authenticate a user, you'd hash the password input and compare it to the hash in your database. MySQL has a password() function that can do the hashing, or you could use some SHA or MD5 algorithm.--I imagine PostgreSQL also has something like the password() function in MySQL, but I've never programmed with Postgres. The other option is to use normal HTTP authentication and let htpasswd (if you're using Apache) manage the passwords for you. Anyway, that's about all I can think of that you haven't mentioned. I wouldn't impose too many restrictions on their input, but I wouldn't allow Joes (the user name as the password), and would probably require a minimum of 6 characters. Other than that, I'd let them enter what they will. Cheers, Jason ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Passwords: does size matter, what characters?
Ted Roche wrote: > Designing a web site for a client, he asked what the general guidance > was for passwords. Users are going to be logging into the site (just > plain http initially, no banking info, SSNs or credit card numbers, all > that comes after SSL and first round financing). Looking around, web > sites I visit are all over the place and some are nonsensical (no more > than 8 characters), others require a minimum of five, six, some allow > alphanumeric but no punctuation. I usually throw in upper-, lower-, > numeric and a punctuation symbol or two. Is there some reason to shy > away from letting the user type whatever they want, assuming you escape > it properly in HTML and the destination database? Not allowing them to > use their login ID seems like a good minimal rule. I forget who, but someone once said that using SSL on a web site is like using an armored car to take a message from someone living on a park bench to someone living on the street. That said, passwords are used more for authentication on most web sites than as an encryption key. So the password policy is whatever the site's customers is comfortable with. If there's a detection mechanism on the site that will spot attempts to gain access to an account (repeated failures, ...), then most sites will simply disable the account after X failed entry attempts, and spit out a message for the customer to physically present his/her-self at a branch office - or to call a 800 number and enter some personally identifying information. A lot of places feel you don't need rigorous passwords if they have an automatic disabling mechanism in place. > Are there "commonly accepted guidelines?" Yes. There are at least a dozen guidelines ranging from 4 digits (used by most ATM systems) to cryptokey generators. The critical point is not password length, but authentication mechanism. What happens if an unauthorized user gets hold of the password? How does the system tell if person A or person B is the fake? In the consumer space, passwords are used more for "casual" protection and "key splitting" (2 or more physically separate items are required for authentication) than anything else. --Bruce ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Passwords: does size matter, what characters?
Ted Roche wrote: Designing a web site for a client, he asked what the general guidance was for passwords. Users are going to be logging into the site (just plain http initially, no banking info, SSNs or credit card numbers, all that comes after SSL and first round financing). Looking around, web sites I visit are all over the place and some are nonsensical (no more than 8 characters), others require a minimum of five, six, some allow alphanumeric but no punctuation. I usually throw in upper-, lower-, numeric and a punctuation symbol or two. Is there some reason to shy away from letting the user type whatever they want, assuming you escape it properly in HTML and the destination database? Not allowing them to use their login ID seems like a good minimal rule. Are there "commonly accepted guidelines?" What I like to do is generate 16-character passwords with something like gnome-password-generator, then store them on a usb flash key in gpg-encrypted files tagged with --for-your-eyes-only. When I need to look up a password, I run something like the following: gpg --no-tty --quiet --batch --output - 2>/dev/null foo.gpg | more -- John Abreau / Executive Director, Boston Linux & Unix ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Passwords: does size matter, what characters?
On 3/9/06, Ted Roche <[EMAIL PROTECTED]> wrote: > Are there "commonly accepted guidelines?" In a word, no. Best password guideline I've yet seen: "It should be easy for you to remember, and hard for others to guess." Of course, for some reason, people seem think their name spelled backwards is "hard to guess". :-/ Sarbanes-Oxley gets cited all the time in the name of password strength requirements, but as near as I can tell, SOX doesn't even *mention* passwords.1 It merely says that auditors should check for internal security practices. I believe HIPPA is mostly the same as SOX in that department. Microsoft provides a particularly well-written guide on password security: http://www.microsoft.com/athome/security/privacy/password.mspx Hope this helps, -- Ben "drowssap" Scott ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Passwords: does size matter, what characters?
Designing a web site for a client, he asked what the general guidance was for passwords. Users are going to be logging into the site (just plain http initially, no banking info, SSNs or credit card numbers, all that comes after SSL and first round financing). Looking around, web sites I visit are all over the place and some are nonsensical (no more than 8 characters), others require a minimum of five, six, some allow alphanumeric but no punctuation. I usually throw in upper-, lower-, numeric and a punctuation symbol or two. Is there some reason to shy away from letting the user type whatever they want, assuming you escape it properly in HTML and the destination database? Not allowing them to use their login ID seems like a good minimal rule. Are there "commonly accepted guidelines?" Ted Roche Ted Roche & Associates, LLC http://www.tedroche.com ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: LinuxWorld Early Bird Discounts Extended to 10 March
On Thursday 09 March 2006 4:52 pm, Bill McGonigle wrote: > On Mar 6, 2006, at 14:43, Jerry Feldman wrote: > > I spoke to Jessica Camerato and I had faxed her the contact a week or > > so > > ago. > > She's had mails from me since the middle of February and a FAX'ed > contract since the beginning of this week. Assuming her FAX machine > has toner, of course. > > There was some minimalist discussion about this on the gnhlug-org list. It will be great to have a booth adjacent to GNHLUG again. -- Jerry Feldman <[EMAIL PROTECTED]> Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: LinuxWorld Early Bird Discounts Extended to 10 March
On Mar 6, 2006, at 14:43, Jerry Feldman wrote: I spoke to Jessica Camerato and I had faxed her the contact a week or so ago. She's had mails from me since the middle of February and a FAX'ed contract since the beginning of this week. Assuming her FAX machine has toner, of course. There was some minimalist discussion about this on the gnhlug-org list. -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Network testing and latency
On Mar 7, 2006, at 16:08, Paul Lussier wrote: We have a scenario where we've only ever tested our product over high-speed LAN connections (100MB and GigE). However, we have some customers using it over T1 connections, so we need to start testing this scenario. I was going to implement nistnet for a client: http://www-x.antd.nist.gov/nistnet/ before their project got cut, but it was for that same purpose and looked like the right tool for the job. -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Cell: 603.252.2606 http://www.bfccomputing.com/Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Web-based Project
On Thu, Mar 09, 2006 at 02:11:57PM -0500, Paul Lussier wrote: > So, clearly what's needed is a complete website written entirely in AJAX ;) > > crschmidt ought to be able whip something together for you fairly > quickly in PHP ;) Hey, I'm still employed for another couple weeks. I don't have free time to be running off willy-nilly on your personal projects! :) -- Christopher Schmidt Web Developer signature.asc Description: Digital signature
Re: asset management tools?
I know eventually we plan to have user-defined asset reporting in our software, but it's not there yet. I'll remember to send out an update when we eventually get it done :) -chris Neil Schelly wrote: On Wednesday 01 March 2006 05:02 pm, Bill McGonigle wrote: If you find a clear winner please report back - I see this wheel reinvented repeatedly. Unfortunately, I haven't found any clear winners by far. It doesn't seem that any of the tools out there are specifically for managing an inventory. Perhaps I'll be another to reinvent the wheel again down the road. Most of the implementations I've found are hindered by database structures where they just won't allow an arbitrary set of attributes for items in the inventory. I'd love to have found one that would work with just a small adjustment, but it's just not feasible without a ground-up implementation I guess. Enetman was the closest I found to what I wanted, but only because it allowed a bunch of the attributes that I was looking for, though not all. I could almost have made it work, but it kept making Firefox crash, so I just won't bother. -Neil ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: asset management tools?
On Wednesday 01 March 2006 05:02 pm, Bill McGonigle wrote: > If you find a clear winner please report back - I see this wheel > reinvented repeatedly. Unfortunately, I haven't found any clear winners by far. It doesn't seem that any of the tools out there are specifically for managing an inventory. Perhaps I'll be another to reinvent the wheel again down the road. Most of the implementations I've found are hindered by database structures where they just won't allow an arbitrary set of attributes for items in the inventory. I'd love to have found one that would work with just a small adjustment, but it's just not feasible without a ground-up implementation I guess. Enetman was the closest I found to what I wanted, but only because it allowed a bunch of the attributes that I was looking for, though not all. I could almost have made it work, but it kept making Firefox crash, so I just won't bother. -Neil ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Web-based Project
[EMAIL PROTECTED] writes: > Hi All, > > My VP of Engineering has decided that he hates MS Project > (yaho). What he wants is an internal web site where he can put > in all of the project information and have the project > plan/roadmap/timeline/gantt chart etc. viewable (not for edit) by > everyone. I have looked at a bunch of different tools out there, but > all of them seem to be overkill. Only the author needs to be > authenticated, everyone else should just be able to see the page. I > don't need a complete collaboration suite with all of the bells and > whistles. It's a very simple, very basic system. Does anyone have any > suggestions on what a good tool for this is? What have others used? So, clearly what's needed is a complete website written entirely in AJAX ;) crschmidt ought to be able whip something together for you fairly quickly in PHP ;) -- Seeya, Paul ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Web-based Project
I've found this USENET group to be a good resource in the past: http://groups.google.com/group/alt.comp.project-management Their FAQ was particularly good, though I haven't looked at that group in approx 3 years. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Web-based Project
[EMAIL PROTECTED] wrote: > Hi All, > > My VP of Engineering has decided that he hates MS Project (yaho). > What he wants is an internal web site where he can put in all of the project > information and have the project plan/roadmap/timeline/gantt chart etc. > viewable (not for edit) by everyone. I have looked at a bunch of different > tools out there, but all of them seem to be overkill. Only the author needs > to be authenticated, everyone else should just be able to see the page. I > don't need a complete collaboration suite with all of the bells and whistles. > It's a very simple, very basic system. Does anyone have any suggestions on > what a good tool for this is? What have others used? We've used dotproject (www.dotproject.net) with relative success over the past 1.5 years. It may be more than you want though, on the other hand, the people who use it are pretty simple folk. --Bruce ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Web-based Project
[EMAIL PROTECTED] wrote: What he wants is an internal web site where he can put in all of the project information and have the project plan/roadmap/timeline/gantt chart etc. viewable (not for edit) by everyone. Since he will be the only one editing them, would an application that exports to HTML be an option? Here are two that I've had on my ToInvestigate list for months now and just haven't gotten around to trying: http://www.taskjuggler.org/ http://ganttproject.sourceforge.net/ Does anyone have opinions of or experiences with these? Thanks, Larry ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Web-based Project
[EMAIL PROTECTED] writes: > What he wants is an internal web site where he can > put in all of the project information and have the project > plan/roadmap/timeline/gantt chart etc. viewable (not for edit) by > everyone. DocPile might be what you are looking for: http://freshmeat.net/projects/docpile/ Regards, --kevin -- GnuPG ID: B280F24E And the madness of the crowd alumni.unh.edu!kdc Is an epileptic fit -- Tom Waits ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Web-based Project
Hi All, My VP of Engineering has decided that he hates MS Project (yaho). What he wants is an internal web site where he can put in all of the project information and have the project plan/roadmap/timeline/gantt chart etc. viewable (not for edit) by everyone. I have looked at a bunch of different tools out there, but all of them seem to be overkill. Only the author needs to be authenticated, everyone else should just be able to see the page. I don't need a complete collaboration suite with all of the bells and whistles. It's a very simple, very basic system. Does anyone have any suggestions on what a good tool for this is? What have others used? TIA, Kenny ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Used Laptops (was Re: METROCAST BLOCKS RESIDENTIAL E-MAIL)
Jason Stephenson wrote: Ted Roche wrote: At Monday's CentraLUG meeting, Steve Amsden was showing off LTSP. He said the laptops he was using were for sale in bulk for $240 each. Used beaters, and not cutting edge, but the prices are getting amazing! Speaking of used laptops. My 6+ years old Compaq laptop stopped booting recently. After doing the usual perambulations and sacrifices, and it still not working, I yanked the hard drive and slapped that in a nice little USB case to carry about with me. So, I'm in the market for an inexpensive laptop that works, and that would mostly work with Linux or FreeBSD.--If the crappy winmodem won't work, I won't care, so long as the hardware is still functional and it has working ethernet or PCCARD slot for my ethernet card. I'm wondering if anyone knows of good sources for working, used laptops. I've had good luck with eBay. I picked up an old Thinkpad there a few years back for about $180, and it still works well today. -- John Abreau / Executive Director, Boston Linux & Unix ICQ 28611923 / AIM abreauj / JABBER [EMAIL PROTECTED] / YAHOO abreauj Email [EMAIL PROTECTED] / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss