2011-03-10

Password Management

Password management is always a pain. We all know that we should be using unique passwords for every site, and that they should be enormously long, unguessable random strings. But even with a memory palace, that's simply not terribly practical. So, just like everyone else I know, I was cheating. I had about a dozen passwords that I used for, well... everything. I kept one particularly weak one for the really junky stuff. Of course I knew this was a bad idea, but I figured "it can never happen to me". Then I watched it happen to Cory Doctorow, and then a friend who shall remain nameless... and finally the great Gawker leak. Now, I couldn't remember if I had an account with Gawker or any of its affiliates or not... but either way, it was clearly time to do something about it.

Back in the day at Afilias, we had a GPG-encrypted password file. The file was encrypted to all the admins' keys, so everyone with access could read it. Editing it was accomplished via a script. Not an ideal solution, but it worked for us. I wanted something a hell of a lot more user-friendly if I was going to be using it more than a dozen times a day. So, I adopted Callpod Keeper. It's a solid solution, except that it wants $30/year to work in a useful way. Basically, I enter site, userid and password for all my password-type stuff into the application on my Mac. Hit save and it encrypts and syncs through the cloud with my (excitingly new) Droid. From there I can copy the password and paste it into the password field in the browser. Problem solved, or at least rendered painless enough that I'm actually following best practices. It worked on my iPhone 3G too, but the lack of easy task-switching on my old 3G and general slow crappiness meant I hardly used the browser side of it anyway.

Those of you who know me know that I'm cheap. Not absurdly cheap, but wasted money bothers me. $30/year rankles. I suspect that Randy Pausch would chide me for squandering my decreasingly free time on something that's not "important" when I could just spend $30/year, but... I can't help but think that the awkwardly named keepass stuff in conjunction with Dropbox would solve this problem... and cost $0...

Droid: http://www.keepassdroid.com/ (in the market)
OSX: http://www.keepassx.org/

And sure enough it does. Install both the Droid and the OS X versions of both keepass and Dropbox. Generate a keyfile and put it somewhere other than your Dropbox directory, with a copy on both the Droid and the Mac. Put your password database in your Dropbox (in a private section). As long as you use a keyfile and keep it fairly much under wraps, even if someone compromises your Dropbox (you're using a proper password for it now, right?), your passwords are still relatively safe: the attacker has the encrypted database but not the second half of the key needed to open it.
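The split described above (database synced, keyfile kept out of the sync tree) is easy to get wrong when you are moving files around on two devices. The following is an added example, not the author's script or anything from the keepass projects: it creates a random keyfile with owner-only permissions and checks that the database sits inside the Dropbox directory while the keyfile does not. All paths are assumed placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example, not the author's own script: create a KeePass key file outside
# the Dropbox tree and verify the layout the post describes (database synced,
# key file not). All paths are assumed placeholders supplied by the caller.

# Return 0 if file $1 resolves to a location inside directory $2.
is_inside() {
  target=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P)/$(basename "$1")
  dir=$(cd "$2" 2>/dev/null && pwd -P) || return 1
  case "$target" in
    "$dir"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Write 32 random bytes to $1 with owner-only permissions; never overwrite,
# since replacing the key file silently locks you out of the database.
make_keyfile() {
  [ -e "$1" ] && { echo "refusing to overwrite existing key file $1" >&2; return 1; }
  (umask 077; head -c 32 /dev/urandom > "$1") || return 1
}

# Verdict on the split: database $1 must sit in Dropbox $3, key file $2 must not.
# Returns 0 only when both hold, so it can gate a sync or backup script.
check_layout() {
  db=$1; keyfile=$2; dropbox=$3; rc=0
  if is_inside "$db" "$dropbox"; then
    echo "ok: $db is inside Dropbox and will sync"
  else
    echo "warn: $db is outside Dropbox and will not sync"; rc=1
  fi
  if is_inside "$keyfile" "$dropbox"; then
    echo "FAIL: $keyfile is inside Dropbox; a Dropbox compromise yields both halves"; rc=1
  else
    echo "ok: $keyfile is outside Dropbox"
  fi
  return $rc
}
```

Run `check_layout ~/Dropbox/private/passwords.kdbx ~/.keepass/keepass.key ~/Dropbox` on each machine after copying the keyfile over; a non-zero exit means the layout is not the one the post relies on.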

2010-10-19

Ranting about Microsoft and AdECN

Well, I spent 3 years trying to drink the Microsoft koolaid (or, borrowing their own words, eat the dogfood) and I think I can safely say that the reason I don't like it goes a little deeper than a lack of familiarity. Bye bye Visual Studio, you crashed pretty frequently and you were slow. Really slow: while running on my beefy post-acquisition workstation VS was always slower than emacs on my crappy pre-acquisition computer. It's slower than IDEA on my pre-acquisition MacBook. I haven't been playing with IDEA for very long but I haven't made it crash yet, compared to crashing VS on a pretty much daily basis. I won't miss that tool at all. I'll kinda miss .NET and C#, but having looked at Scala, I don't think I'll miss it much. I certainly won't miss the ill-conceived and poorly implemented pile of dung upon which we were supposed to build the BI system. Even a company the size of MS should know better than to divide its efforts across multiple implementations for solutions to, say, the problem of cloud computing. For example, the Cosmos storage and Sputnik / SCOPE debacle. Do we, er, I mean "they" really need a proprietary, internal-only cloud computing solution when they already have a proprietary external product? Convergence is a common buzzword at Microsoft and was an excuse at AdECN to adopt the shoddy work of other teams. If things were built with quality, it would make sense to converge, but at Microsoft, or at least the parts of AdCenter with which I became acquainted outside of AdECN, quality was more of a buzzword than a reality. I suppose that a triple-booked development team is likely to sacrifice quality, but I also suppose that triple booking them in the first place is a sign of gratuitous incompetence at higher levels of leadership. Imagine a programming tool which takes 14 man-days of senior developer time in order to support the smallest "non-change" imaginable? Absurd, you say? Nope, that's Sputnik.

But surely it must be straightforward to see what the changes are and compare them to what they should be? This is generally the case in the world of enterprise software, but not so with SSIS and its derivatives. I cannot for the life of me understand how Microsoft has been successful with SSIS. The fundamental idea is solid, and the execution is excellent... in fact, it's an excellent tool, except for one critical problem: the format of the .dtsx file. These files are more unreadable than bad perl. Small changes to an SSIS package in the GUI editor can lead to enormous and generally unrelated changes in the .dtsx file, rendering standard diff tools useless. The absence of a diff tool makes meaningful code review impossible. Change control, at least in any traditional sense, is equally impossible. The monolithic nature of the editor and the runtime engine make unit testing effectively impossible. SsisUnit is an attempt to address these failings but implements only the first and easiest 10% of what would be necessary for a unit-testing solution; mocking, for example, is conspicuously absent, so testing a loop forces you to test all the functionality that is called inside the loop. Microsoft is apparently unaware of this issue, or at least hasn't addressed it in any way that I could see, and I asked on the internal distribution lists while I was an employee there. This is intended for enterprise use? Are you joking? But the crappy software is to me just a symptom of Microsoft's deepest problem. I am referring to the lack of competent leadership. I will always be frustrated by how the upper echelons fumbled AdECN. First by crippling it with internal partners who were not invested in its success and then with repeated blunders and meandering on the rush to market. Millions of dollars and four years of developer time and passion all wasted. The multiple competing solutions approach is another symptom of Microsoft's disease.

Managers, particularly the higher level ones, don't seem to be capable of making the most important kind of decision: the decision to not do something. The giant is so scatterbrained that it can only barely manage to push out the products which are critical to its existence. It leaks money, time and intention from a thousand suppurating projects. I will paraphrase a former co-worker:

The mission statement used to be "A PC on every desk, in every house", but now it's some generic new-age babble about potential.

This company has lost its way. I'm glad that I will no longer be wandering down random paths with them.

2010-07-13

CPM considered harmful

I work in online advertising. Those little ads tend to be sold in CPM. What does CPM mean, you ask? Well... since the advertising industry consists of Ad Men (think used car salesmen, but with a better suit and more cocaine / meth), there are no fewer than four possible interpretations of this fine acronym. We have: "Cents Per Mille", "Cost Per Mille", "Cents Per Million" and "Cost Per Million". I mean, it's not really that important, since it only relates to billing... Oh wait. Yes, the online ad industry really is that fragmented, and yes, they're really too stupid to agree on a single interpretation of a critical unit of measure, let alone just picking a completely clear metric unit.