Archive for September, 2010

« Older Entries

No, my password is not too weak

Sunday, September 12th, 2010

First of all, I must confess: despite dire warnings to the contrary, I use the same password for more than one web login. But I’m sure everyone does, simply because so many sites require logins that having a different password for each site will be less secure by virtue of needing to be written down or otherwise stored in plaintext. And really, the consequences of getting an account hacked (and the benefits to any prospective hacker) are so low that it isn’t worth bothering. So a hacker can tweak my Delicious bookmarks, or see my bit.ly statistics, or whatever. Big deal.

Even worse, my password for such low-value sites is a dictionary word. Admittedly it’s a dictionary word chosen at random from the Shorter OED, which gives a theoretical 500,000 possibilities. Even if we suppose I ignored overly short words and didn’t choose entirely at random, the odds of someone guessing it have to be one in 200,000 or longer.

This seems reasonable to me, but plenty of sites aren’t having it. As far as they are concerned, protecting me from the consequences of bad password choice is their problem, not mine, and the way to do that is to ensure that my password has at least one digit in it. Or at least four digits. Or maybe a non-printable character. Or at least 2 capital letters. They don’t seem to be able to make their minds up.

So I just do what everyone else does in these circumstances: I use the same password, and make minimal tweaks to satisfy the algorithm. I capitalise the first letter. Or I add a standard number on the end of it (hey hackers, I’ll tell you this for free: I always use the number 12).

Security is always a tradeoff with usability, and the tradeoff here is terrible. Users will always use one of a tiny number of tricks (appending 123, using l33t-sp3ak, etc.) that make minimal increase to the search space. Hackers aren’t greatly inconvenienced, but the user has to remember exactly what set of requirements they were trying to satisfy when they created their password. Here’s a hint to designers: if I find myself having to think hard about what combination of capitalisation and numbering I used when I signed up, and I don’t really like your site, then I just won’t bother logging in again.

But the really dumb thing is that this is defending against the wrong problem. Passwords aren’t typically compromised by brute-force attacks across a large search space, they’re compromised by being human-understandable and relevant to the person that created them (personal names, dates, etc.) Checking the password against common human names and date formats (e.g. 19xx) would be more effective.

And if you’re worried that the web application you’re writing will be subject to brute-force attacks, then it’s easy to defend: limit the rate of queries to human speeds (no more than 5 incorrect passwords per IP address per day) and use CAPTCHAs. Detect suspicious patterns of activity and take action (block the IP address, warn the user being targetted, whatever). Properly implemented, even brute-forcing a mother’s maiden name or a birthday (requiring just a couple of hundred attempts) becomes an uninviting task, particularly when the reward for success is non-monetary.

So why do programmers do this? It’s like the old joke about the drunk who dropped his keys in a dark street and resolved to look for them under a street lamp since the light was better there. Adding rate-limiting isn’t that hard, but it’s orders of magnitude hader than writing a regexp to ensure the password has two digits in it. Even if this doesn’t solve the problem, it gives the impression that we’re making an effort.

Tags: ,
Posted in Software Development | No Comments »

Is the rockstar programmer dead?

Friday, September 10th, 2010

What is it with technology? We can put men on the moon, but we can’t create an airport baggage system that doesn’t foul up. Or a word processor that doesn’t crash. Or a web application with a consistent user interface.

One explanation could be that there are actually two sources of difficulty in most human endeavours: necessary difficulties, where a task is at the limit of or beyond a person’s capability, and accidental difficulties, where a task is perfectly achievable but we are open to simple human errors. Though the progress of technology, training and specialisation has raised the absolute limits of what is achievable in most disciplines, human error remains stubbornly as a fact of life and little has been done to ameliorate it.

Front cover of The Checklist ManifestoThis is an idea that is explored at length in The Checklist Manifesto. The author, Atul Gawande, is a surgeon who became suspicious of the number of failures that were happening in surgery that are attributable to human error, often at the cost of grievous injury and death. It would be funny if it wasn’t tragic, that no amount of training (and surgeons are extraordinarily well-trained) is enough to stop a surgeon cutting off the wrong limb, or forgetting to administer vital drugs.

Gawande pioneered a remarkably simple solution to this in the form of a pre-surgery checklist. The evidence is that this reduces complications by double-digit percentages. The main problem in implementing it seems to be in persuading alpha-male surgeons to admit that they are fallible, and that something as simple as a 30-second checklist can make a difference.

It’s not just surgery either. Gawande gives examples of checklists being successfully applied to contain human error in other fields such as finance and, of course, air flight. As a software developer, the following commentary caught my eye:

Tom Wolfe’s The Right Stuff tells the story of our first astronauts and charts the demise of the maverick, Chuck Yeager test pilot culture of the 1950s. It was a culture defined by how unbelievably dangerous the job was. Test pilots strapped themselves into machines of barely controlled power and complexity, and a quarter of them were killed on the job. The pilots had to have focus, daring, wits, and an ability to improvise—the right stuff. But as knowledge of how to control the risks of flying accumulated—as checklists and flight simulators became more prevalent and sophisticated—the danger diminished, values of safety and conscientiousness prevailed, and the rock star status of the test pilots was gone.

As a discipline, software is remarkable for the speed at which it has developed from being on the bleeding edge of research to being an integrated part of our lives, and this is something that the well-worn analogies between software engineering and civil engineering inevitably fail to model.  I’ve often wondered whether this rapid growth, and the small number of generations between the bleeding edge and the current state of the art have distorted our view of what good software engineering should be. This is an idea explored in more detail, and specifically about software, in The Inmates are Running the Asylum, a book I encourage all developers to read.

So, how applicable are the solutions in The Checklist Manifesto to software development? That’s where it gets difficult. Much as I’d like to see the discipline mature, the opportunities for checklists per se are small. There are certainly opportunities to ensure best practices in things like code reviews, merging to release branches or building installers. But ideally any purely repetitive task should be automated anyway, and this covers a lot of ground: software development differs from surgery in that while surgery only looks repetitive, software behaviour genuinely is deterministic. Automated tests, continuous integration and 1-click installer builds are probably the closest thing we have to the surgery checklist, and they are already best practices (though like the surgery checklist, often ignored by alpha males who think they know better).

I’m going to continue investigating the checklist idea and see whether I can integrate any of the spirit of it into my work; I’ll update here if I have any noteworthy progress. But it would be remiss of me not to emphasise one very important point: this isn’t about taking away the creativity of the job, it’s about minimising the cognitive load of routine tasks so that tasks requiring creativity and judgment can be given more effort, not less. There is an art to writing a good checklist, and much of it is in minimising the checklist to give it maximum impact with minimal weight.

If software engineering could become more like flying, perhaps it would be no bad thing. Being a pilot is still a highly technical job that requires great experience and commands great respect. The skill of the pilot is indispensible when something unexpected happens, but that doesn’t mean they carry out routine takeoffs and landings by the seat of their pants.

http://www.amazon.co.uk/gp/product/1846683130?ie=UTF8&tag=reviewtfm-21&linkCode=as2&camp=1634&creative=19450&creativeASIN=1846683130″>The Checklist Manifesto: How To Get Things Right</a><img src=”http://www.assoc-amazon.co.uk/e/ir?t=reviewtfm-21&l=as2&o=2&a=1846683130

Posted in Reviews, Software Development | No Comments »

Things I’ve observed in my first week in Zambia

Saturday, September 4th, 2010
  • “How are you?” is a standard part of the greeting ritual, even in contexts such as shops where English custom is barely to acknowledge a greeting. For all that, the greeting is no less ritualised than in England, and any non-positive response to the question seems like it would generate surprise. In fact, the protocol is sufficiently habituated that even if your responses come out of order, it barely seems to derail things.
  • The roads vary from bad to terrible to “pretty much just a matter of convention”. This is made more difficult by the large numbers of pedestrians, and at night by the almost complete lack of street lighting. Much as I hate driving with an automatic transmission on the open road, given the constant speeding up and slowing down to weave round pedestrians, pot-holes and speed bumps not worrying about changing gear is actually a benefit. The speed bumps are often unmarked, and the easiest way to spot them is that men tend to stand in the middle of them, taking advantage of the slowing down of traffic to sell you mobile phone top-ups.
  • Speaking of mobile phones, I think the growth in mobile phone usage surprised even the mobile phone industry. On the surface of it you might assume that people who struggle to afford to eat wouldn’t be bothering with phones, but they are big business over here, and not just among the middle classes. The prevalence of pay as you go credit sold in tiny amounts and of extremely cheap handsets (I’m using a $10 handset for the duration of my stay, and it’s as good as my old Nokia 3310 of a decade ago) has meant that owning a phone is the rule and not the exception.
  • There’s a class hierarchy that I find it hard to get used to. For sure, England has rich and poor people, but middle-class guilt and inverted snobbery mean that class is almost never explicitly referred to. I’ll have more to say on this later, as I feel it’s worth a whole post in itself.
  • The money takes some getting used to. Like many developing countries, Zambia has had its problems with inflation, to the point where 5,000 kwacha will just about buy $1 US. When inflation first started to bite, products were starting to be priced in the thousands but the largest banknote available was still a 20. People took to pinning notes in bundles of 1000 kwacha, hence “pin” remained as slang for 1000 kwacha. Even now, 50,000 (roughly $10 US) is the largest note and I genuinely have trouble closing my wallet.

Tags:
Posted in Uncategorized | No Comments »

« Older Entries