Password change for the better

Nine months ago, I posted my rather involved process for mandatory work password change day.

Today, it was password change day again, and the whole thing was done in 20 minutes, including 10 minutes spent on a completely different task. That’s the third time in a row that the simpler procedure (turn everything off, change the password, bring things back up one at a time and enter new passwords as required) has worked without a hitch.

So I’m going to mark this as resolved, and give a public thankyou to whichever nameless person in our IT department made the change that fixed whatever issue made the complex workaround malarkey necessary. Heaven knows “nameless person in our IT department who made a change I don’t fully understand” gets a lot of stick, so I’d like to give them a thumbs-up for once.

While I’m thanking IT infrastructure people, I’d like to thank all those responsible for Eduroam, from the high-level policy people to the back-room technical people who make it work and troubleshoot it. It’s gone from ‘this is a cool idea, hope it works’ to ‘this just works and I can take it for granted a lot of the time’, which is great and makes my work life so much easier.

While I’m talking about passwords, I have finally and belatedly made the switch to using a password manager. It’s such a relief. I had a pretty good system before, which worked with how my memory works, but it was fraying around the edges, and it didn’t cope well when passwords had to be changed. (That meant I had to memorise an exception to the system, which was a lot of extra work, and tended to disrupt the whole thing.)

20_keysafe_opend

It was a bit of work to set up the password manager, but mainly because it turned out I had over 150 username/password combinations to enter. I’m impressed at how well my old system worked – I hadn’t realised quite how many unique passwords it let me remember – but then again, if it wasn’t so good, I’d have gone for a password manager much sooner, and would’ve been better off as a result.

It’s fantastic. It’s like having a new superpower.

Faced with a demand to create yet another unique, strong password for some new online service or other, I can click a couple of buttons, paste in &QtjhQWFIkgr/(! and be confident I’ll be able to remember it later. When a site has idiosyncratic requirements (e.g. must have non-alpha characters, but only a small subset of them that doesn’t include the ones my system requires, or must not exceed 12 characters, must not have more than half lower-case letters, etc), I can do that and I don’t have to memorise another exception to the system. When a site I don’t trust demands I set up password recovery questions, I used to worry about divulging my mother’s maiden name, and struggled to think of what answer I could give to questions like “Favourite sports team” that I’d be able to remember later. Now I can simply say that my mother was born Miss 4^mSKZFI9@PNoa8 and that I’m a lifelong supporter of those paragons of sporting prowess, G3loF!aQynSR?Z%.  When I get yet another “this site has been hacked and all passwords stolen, please change your password”, I can go “Ok” and not worry about it.

For those who care about the details, I use PasswordSafe on PCs, Password Gorilla on Macs, and pwSafe on my iPhone, all synced via Dropbox. The runner up was KeePass, but 1Password and LastPass looked Ok too, although my paranoia doesn’t like security software where you can’t see the source.

I’m pretty sure that which password manager you choose matters a lot less whether you use one, and wholeheartedly encourage everyone to use one.

This work by Doug Clow is copyright but licenced under a Creative Commons BY Licence.
No further permission needed to reuse or remix (with attribution), but it’s nice to be notified if you do use it.

Advertisements

Doing GNU/Linux on a Mac

I like to work in multiple operating systems, partly because some things are much easier in one OS than others (and some things are only available in one OS), and partly because I like the way it gives me a broader idea of what computing is about, in the same way that I imagine being properly multilingual would give you a broader idea of what language is. And if I were properly multilingual I might not write such dreadful run-on sentences.

Most of the time I work on Macs, because one of the things I particularly like about them is that they’re very shiny, visual and easy to use on top … but underneath it’s basically  POSIX-compliant BSD Unix, so you can do the full-on GNU/Linux command line thing properly if that’s the best way to get a job done. Historically, one of the big drawbacks of Unix-related stuff – and legendarily GNU – was that getting hold of a new bit of software and making it work on your machine could be a bit … involved. Especially when to get X working you had to install Y and Z, and Z required P and Q, which both require Y, and so on. Never mind keeping it all up to date. But modern package managers do a great job of making it much, much simpler.

Alas, the Mac doesn’t come with a package manager – Macs have their own (generally much more user-friendly) way of installing software, which doesn’t work for GNU/Linux software. Happily, there are several ways of dealing with this.

cc licensed ( BY ) flickr photo shared by Steve Evans

This post is a techie log of what I did to make a Mac work a bit more like a GNU/Linux machine at the command line, for my own reference (I’m expecting to have to do this again soonish), and for anyone running in to the same problems I did.

Continue reading “Doing GNU/Linux on a Mac”

Password change log

So, it’s mandatory password change day for me today. In line with many organisations, the OU requires its users to change their password at regular intervals – at the moment, every three months/90 days. Also, in pursuit of improved security, they’ve recently reduced the number of unsuccessful login attempts you can make on your account before it locks you out. This has the unfortunate side effect of meaning that when you change your password on your desktop machine,  your phone or tablet – sitting quietly in your pocket or handbag – will keep trying to connect using your old password, which will lock you out of your account.

I had a very bad encounter with this issue six months ago when I lost most of a day to it. The problem was made particularly hard to resolve by the fact that we’d just gone over to IP phones connected to our PCs, so when I was locked out of my account, and therefore my PC, I couldn’t phone IT to get them to unlock my account, and had to go to another office some way away to ring them.  Which meant the ‘Try now – is it working?’ bits of the conversation had big gaps in the middle while I hung up and scurried back to my desk, then went back to room with the phone, redialled, waited to get through, and then updated the new person at the other end of the line with what’s going on. (Things are better now – I have a direct IP phone on my desk, and these days my office usually has people in it, which means I can borrow a phone from someone if that one’s not working.)

Three months ago – the last time I had to update my passwords – I was aware of the problem, and did it carefully and systematically in just under an hour, with no accidental lockouts! I also kept a sketchy list of what I did. Today I did it again, tweaking the list a bit as I went so I can follow it quickly next time.

Here’s my procedure. I’m posting it mainly to make it really easy for me to find in three months’ time (and I’ll print off a copy and leave it in my desk drawer). It’s obviously only directly relevant to me and my devices, but it might be useful to other OU people or people with a similar setups.

Bombe Machine, Bletchley Park
(cc) mendhak on Flickr

Continue reading “Password change log”

Todo update

I did a review of To Do list apps about six months ago; I’ve just done a quick update, which I present here:

Things cloud sync is now in not-very-restricted beta, and seems to work Ok. Not, of course, available on the web.

Toodledo offline still not anywhere in sight, but apparently some third-party apps can provide it.

Omni Sync Server is still in beta, but seems to work Ok. Again, not available on the web.

Midnight Inbox finally released Inbox Touch for iPad v3.0, which has sync with Midnight Inbox 2.0 and Inbox Mobile 1.0 (iPhone) built in … but the latter two still aren’t released, so obviously you can’t actually sync across devices … yet. Website has updated “Coming soon” to “Coming soon – actually”.

Appigo Todo has a desktop mac app fully released, syncs with iPhone/iPad via the cloud using their own service ($20/y), Dropbox, or Toodledo.com. Presumably if via Toodledo.com that gives you a web version, which is cool.

Todo.ly is a new (to me!) web-based service – very nice interface for a web system. Can’t see any way to have it offline though.

I’ve decided, on reflection, that spending time on to-do list software is less of a priority than, you know, actually doing things I needed to do, so I’ve carried on with my current Dropbox/plain RTF system for now.


This work by Doug Clow is copyright but licenced under a Creative Commons BY Licence.
No further permission needed to reuse or remix (with attribution), but it’s nice to be notified if you do use it.

Doing the To Do

I’m after a better task management system – organising my to-do lists, projects and activities and so on.

What I really want is something that:

  • Works well with more than simple, short lists, but doesn’t take too long to get my head around
  • Is available on the Mac, since that’s what I use most of the time
  • Is available online, for when I’m at a ‘strange’ computer
  • Ideally, is available on multiple platforms, but Mac-only will do if the web version is passable
  • Syncs seamlessly (and preferably automatically) between different instances on different machines (Ideally with the same model as Dropbox: automagically syncs when connected, but always has a local store available)
  • Has a good iPhone app that also works offline, so I can use it when away from keyboards, which syncs with zero effort
  • Lets me try it out properly beforehand if I need to shell out money
  • Preferably doesn’t require a paid subscription, particularly if not dirt-cheap, and particularly not MobileMe
  • Ideally has an email-in-to-inbox facility, for capturing ideas ad hoc as they come to me
My current system – a set of plain RTF files synced via Dropbox – sort-of works, and is wonderfully quick to start up, but doesn’t transfer easily to the iPhone (I have to remember to sync, and it doesn’t read well on the small screen). Fundamentally, it doesn’t help me organise, overview, and sort my tasks easily. Also, it doesn’t have a good way of getting stuff in to it.

Controlled detonation

Here’s what I’ve found, in note form. I’m very interested in any other views, recommendations, suggestions!

Continue reading “Doing the To Do”

iSpot and taxonomy

Work on the Biodiversity Observatory – to be called iSpot to the public – is proceeding apace. One of the things we want to be able to offer to help people in getting scientific names is to be able to map between common names for things and the scientific names. Once you know the scientific name of a species, you can find much more information than if you only know the common name. We also want to be able to help people get scientific names right – it’s easy to get them wrong – so we want to be able to provide facilities like ‘did you mean X’ when people mistype a name.

To make that work, we need a database behind the scenes that has a list of correct scientific names, a mapping between common names, and information about the taxonomic tree: each Species is part of a Genus, which is part of a Family, which is part of an Order, which is part of a Class, which is part of an Order, which is part of a Division, which is part of a Kingdom, which is part of Life.

This gets reasonably complicated even if everybody agreed on what goes where.  There’s all sorts of messing around with sub-Families and supra-Classes and things like that on top of the basic tree structure. But of course people don’t agree. And even if everybody agreed now, new information about species’ relationships to each other is becoming available all the time – especially as genetic sequencing becomes cheaper and easier to do and cleverer ways of mining genetic information to reveal evolutionary history are devised. So as we learn more, species get renamed, merged, split, and relocated in the taxonomic tree. And it’s not just obscure species that most iSpot users will never see that get changed around like this – the common garden snail has now been given at least four different scientific names (Helix aspersa, Cryptomphalus aspersus, Cantareus aspersus, and Cornu aspersum) and which is ‘correct’ or ‘preferred’ has been the matter of debate, sometimes vigorous, over time.

We really don’t want to do this work ourselves. It’s a whole discipline in itself, and we can’t hope to duplicate or exceed it. And one of our central development principles is to build on or link to existing work, rather than duplicating effort.

Luckily, there are two important databases that have (some of!) the information we want.

The first is the National Biodiversity Network‘s NBN Species Dictionary. This is as close as we can get to a complete, definitive list of species in the UK. Different parts of it (checklists) are maintained by different groups of specialists, and updated as those specialist groups decide. New versions are published roughly four times a year. (Although there’s a backlog of new information to check in for the latest update so that’s somewhat delayed.) It includes a scientific name and an NBN species ID. This species ID can be used to access the lovely web services that NBN make available via an API. It also has some mapping to common names for classification groups – it has a controlled list of about 160 names (e.g. ‘terrestrial mammals’, ‘higher plants’) that map on to the scientific names for points on the taxonomic tree but are (hopefully) comprehensible to ordinary people – or at least, ordinary people who start to get a little bit interested in nature. Even better, within each checklist, there is definitive hierarchical information – what Order, Family, Genus etc each species belongs in – for each preferred scientific name. However, combining all these to give a single consensus tree is a huge amount of work. The Natural History Museum (who do a lot of the work looking after the Species Dictionary for the NBN) did this work once, but then gave up because maintaining it was so hard. So the Species Dictionary can give us a definitive list of preferred scientific names (and also other scientific names and how they map on to preferred scientific names). It can also give us a broad-brush top-level classification for all of these. There is taxonomic hierarchy information, but not that’s easily combinable. (I want to have a look to see if we can use the checklist-level hierarchy data to support browsing at that level.), But the Species Dictionary doesn’t give us very comprehensive mappings between common names and scientific names. There’s some, but not a lot.

The second source of data is the Natural History Museum’s Nature Navigator. This is a lovely website for browsing the taxonomic tree, switching back and fro as you want between scientific and common names. Nature Navigator contains everything that has a common name. Some common names map on to scientific species names, but others map on to other parts of the tree – so ‘Pea family’ maps on to ‘Family Fabaceae’. It also contains complete and reasonably definitive hierarchical information (all keyed from the scientific names, rather than the common ones, but you can generate the common one on the fly). This looks much more promising for our purposes, since it has so many more common names and complete, usable hierarchical data.

However (there has to be at least one ‘but’ in taxonomy, I’m learning): it only covers things which have a common name, and lots of things don’t, including things that people will want to spot on iSpot – including insects and spiders. And it’s been frozen in stone since the funding ran out in 2004, and things have changed since then. And the taxonomic data it uses differs from common UK usage in many important regards – for instance, the bird data is quite different to what most UK birders use.

In rough order-of-magnitude figures:

NBN Species Dictionary: contains 250,000 scientific names, which reduces to about 80,000 preferred scientific names for species when synonyms and so on are taken in to account.  Some patchy common name mappings. All classified in to just over 100 ‘comprehensible’ taxonomic groupings. Updated regularly.

Nature Navigator: contains 140,000 common names, mapped on to appropriate preferred scientific names/points on the taxonomic tree.

Just to add to the fun, there is an international effort well underway to create a definitive list for all species across the world, called Catalog of Life, merging work by ITIS in the US and Species 2000 at the University of Reading. The aim is to create a globally-unique identifier for species – a Life Sciences ID or LSID. Thankfully, though, we as a project can leave the coordination and mapping between that and the NBN Species Dictionary to others.

The Right Answer would be to include Nature Navigator data as a checklist within the NBN Species Database, which would fold all of the Nature Navigator common name data in to the definitive Species Database. That’s a fair amount of work, but may well be within the scope of what the Taxonomic support project within OPAL (Open Air Laboratories – the parent project of the Biodiversity Observatory) will do. We’ll be pressing them to do that.

Of course, that almost certainly won’t happen in time for the launch of iSpot in the Summer, so we’ll need a stopgap solution of some sort … somehow I think converting taxonomists, biologists and field studies experts to a loose, Web 2.0 folksonomy approach is going to be beyond the scope of this project!

Backup on XP (geeky)

I asked the crowd via Twitter (and thence Facebook) about backup solutions for Windows XP, and got several responses, plus a few requests to hear what I found out, so this is to summarise that.

The particular problem I want to solve is backup on to an external huge hard disk.  This post gets a bit long and techie, but the short answer is I went with NTBackup, the backup tool built in to XP.

As the canard goes, backing up is a bit like flossing, in that everybody knows you ought to do it regularly but most people don’t. Except people who’ve been burned in the past.

Luckily, my then-technophobic mother taught me that particular lesson at an early age, when she wiped my first ever full-scale program by accidentally knocking the power cable out from the back of ZX Spectrum.  (I was trying to get her to test how user-friendly I’d managed to make it, and so I also learned the valuable lesson that real users can create whole categories of problems you did not anticipate.)

Backup is one of those things that in my head is a known solved problem.  There are two interesting problems to solve – the main one is how to back up the minimum amount of stuff but still cover everything; a secondary one is how to structure the backups to make it easy to get things back.

The ‘back up the minimum amount of stuff’ problem is essentially the problem that the rsync algorithm solves: how to find the minimum amount of data to cover the changes between an original and an updated chunk of data.  So any GNU/Linux installation can use rsync as the basis for an automated (or any degree of semi-automated) backup system.

And Unix-like file systems have another property that makes the secondary problem easy: hard linking. This essentially means you have a single file on the disk, but appearing in more than one place in the directory tree (folder hierarchy, if you prefer).  This is really really useful for backup, because it means you can do a full backup – copying everything – in to one directory on your backup disk, and then subsequently do an incremental backup (just the stuff that has changed) to another directory, adding hard links to the full backup.  And you can keep doing incremental backups like that. The clever bit is that each time you do a backup, the directory looks like a complete copy of whatever you are backing up, but the extra disk space taken up is only the difference between that backup and the last one.  Even better, you can delete (unlink) arbitrary backups without losing any other data. So, for instance, you could create a backup every hour, and delete backups on a rota so you end up with backups every hour for the last day, every day for the last fortnight, every fortnight for the last few months, etc.

(If you don’t have this system, you have to keep everything between the last full backup and the last incremental backup, or you’ve effectively lost your backup.  This is very fiddly to get right, and is a common cause of problems restoring from backups.)

If you’re a half-decent Linux geek, you can easily roll your own backup system with cron, rsync and a short shell script.  If you have a Linux box but that’s more fuss than you can be bothered with, there are umpteen Open Source graphical front ends to essentially the same system. These are of variable beauty and usability.

If you have a Mac, you get Time Machine, which has Apple’s beauty and usability built in to its interface, and the power/efficiency of the Unixy approach underneath. If you have an external drive to devote to it, it really is as simple as saying ‘Time Machine, do your thing on this drive’ and remembering to plug the drive in from time to time.  This is my dream backup system.

Alas, Windows XP doesn’t have this option. And my existing backup strategy (burn DVDs at pseudorandom times, keeping manual notes of what’s been backed up and what’s not) left a lot to be desired.

The problems run moderately deep, though.  Windows doesn’t come with rsync (though there are multiple ports, but you usually have to go half-way to a dual boot system (Cygwin) to make them work properly), and it doesn’t really do hard links (actually, it can, but not in a way that’s simple and straightfoward to the user, and so hardly any software does). It has its own system of flagging changed files (the archive attribute) which is fraught with problems.

So what’s to do?

The first solution suggested (thanks @andrew_x!) was to convert the Windows machine to a dual-boot system with Linux (e.g. Ubuntu), and use that to back up the Windows data.  That has the mathematician’s appeal of reducing it to a known solved problem.  If I wanted a dual boot system anyway and planned to spend most of the time in Linux, it’d be the top choice. But I don’t (I have other machines with Linux on).  Any backup regime that has ‘reboot in to a different operating system’ as step one is unlikely to be pursued as rigorously and regularly as it should.

The next set of solutions (thanks @elpuerco63 @hockeyshooter and others) is to buy some backup software.  There are plenty, from ECM/Dantz Retrospect (which is aimed at people with several Windows boxes to back up) and similar server-based packages, to the straight-up standard consumer packages like Symantec Norton Ghost, or Symantec Norton Save and Restore. (These two are the ones of the standard paid-for offline backup tools that Which? apparently rates as Best Buys.)  All of these, however, cost actual money, which I am very keen not to spend – partly because I have very little spare cash at the moment, partly because it seems silly to spend money on something when there are good Free/Open Source Software solutions, and partly because it’d mean I couldn’t get a backup done this weekend.

There’s a plethora of back-it-up-to-the-cloud solutions. I wasn’t interested in any of those because I have:

  • a) 120 Gb to back up and a capped Internet connection,
  • b) some nervousness about sending every last drop of my personal data in to the network,
  • c) a degree of skepticism about the reliability of such services, and
  • d) a vague, woolly echo of Richard Stallman’s political objection to cloud computing – though usually this is often balanced by a similarly vague, woolly echo of David Brin’s argument that a transparent society would be a good thing, and utterly outgunned by the siren call of Convenience.

Plus they cost real money for more than a few Gb, and my first two objections apply.  (If you do only have a few Gb of files to back up, I can heartily recommend Dropbox – free for <2Gb, syncs multiple machines and platforms easily.)

You also often get simple backup software bundled in with other things: Nero (the CD-burning package) apparently has a backup feature, and many external hard drives come with some toy backup software thrown in. Mine didn’t.

What I did manage to put my hands on, though, was NTBackup, the backup tool built in to Windows XP.  (In XP Home, it’s not installed by default – you need to get your original media and find and run NTBackup.msi in \Valueadd\Msft\Ntbackup.) It lives in Start | Accessories | System Tools.

It’s not world-class stuff: you can tell it was written for the original Windows NT 3.51.  Charmingly it defaults to writing the backup to A:\BACKUP.BKF (off the top of my head, I make it that I’d need over 80,000 floppy disks to back up my data, which would be a little tedious to insert). And the interface is almost wilfully ugly.

But (a) it didn’t cost me any more money, (b) it was to hand, (c) it has a handy option for backing up the system state (including the Registry), (d) it groks Volume Shadow Copy so can copy in-use files, and (e) it worked.