December 20, 2004
Passphrases, not passwords: The key to account security?
Larry J. Seltzer, in a relatively plain-English column in PC Magazine, reports that the traditional wisdom on computer passwords is changing.
The widespread (and widely ignored) advice has been to create passwords that incorporate upper-case and lower-case letters, numbers, symbols, and punctuation -- like the Pa55.W0rd in the title of Seltzer's article -- and to change them frequently. Now, however, a discussion initiated by Microsoft security expert Robert Hensing suggests that short passwords, no matter how complex, are easier to crack than long passphrases, no matter how ordinary the words they contain.
"Short and complex," in Seltzer's example, is "Ih8m0d3rnART!", a distortion of a "phrase you can remember" -- "I hate modern art!" According to Hensing's reasoning, it's preferable just to use the phrase itself, spaces and all. It was news to me, but "Windows has supported passphrases of up to 127 characters since Windows 2000."
Seltzer thinks this is such a good idea that he has just changed his Amazon.com password to "a 129-character passphrase with punctuation and mixed cases." It's a good thing he buys his books at Amazon instead of Barnes and Noble, which has a twelve-character limit on passwords and bans the use of spaces.
Not every security expert in the blogosphere buys Hensing's reasoning (Seltzer goes over it lightly in his piece, but not even he claims to understand it fully). In particular, "if brute-force password crackers work by trying combinations of characters, a passphrase cracker would work by trying combinations of words" and, by implication, would eventually succeed.
That notion conflicts with ideas recently explored by Daniel Akst in his New York Times essay on computer-generated fiction. (It's no longer available for free on the Times site, but you may be able to access it through your public library.) I blogged Akst's article, as did many others.
In it, Akst refers to cognitive psychologist Steven Pinker's estimate that "the number of possible sentences of 20 words or less that the average person can understand is perhaps a hundred million trillion, or many times the number of seconds since the universe was born." If that's the case, even brute-force passphrase crackers have their work cut out for them.
Which leads to some delightful possibilities:
Your online banking passphrase: "Neither a borrower nor a lender be." (37 characters, with spaces and punctuation.)
Your online library passphrase: You can't tell a book by its cover. (35 characters)
Your New York Times website passphrase: "It's up to you, New York, New York." (36 characters)
Your Washington Post website passphrase: 1600 Pennsylvania Avenue (24 characters)
Your HMO website passphrase: An apple a day keeps the doctor away. (37 characters)
Your e-mail account passphrase: "I'm gonna sit right down and write myself a letter." (53 characters)
Your Social Security account passphrase: "Will you still need me, will you still feed me, when I'm sixty-four?" (70 characters)
Your work intranet passphrase (that is, until you're required to change it): "I'll amputate his reveille and step upon it heavily and spend the rest of my days in bed." (91 characters)
Now, assuming you can remember how you punctuated things, whether you spelled numbers out or used numerals, which quotes you enclosed in quotation marks, and how to spell all the words without typos, creating passphrases may become a fun pastime. Your accounts may even become more secure.
That is, unless Seltzer is right and passphrases don't exactly capture the public imagination. "Will the only people willing to use passphrases be the ones who were willing to use complex passwords?" he asks. My guess is that, for now, this bandwagon will be populated only by geeks and word freaks. But that's a start.
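The skeptics' objection and Pinker's estimate can be put side by side as search-space sizes. The following is an added example, not code from Seltzer's or Hensing's articles: it scores the post's two sample secrets under a character-by-character search and a word-by-word search. The character-class sizes and the 20,000-word vocabulary are assumptions chosen for illustration.

```python
import math
import re

# Assumed sizes (not from the post): printable-ASCII character classes and a
# vocabulary of 20,000 ordinary English words.
CHAR_CLASSES = {
    "lower": (re.compile(r"[a-z]"), 26),
    "upper": (re.compile(r"[A-Z]"), 26),
    "digit": (re.compile(r"[0-9]"), 10),
    "other": (re.compile(r"[^A-Za-z0-9]"), 33),  # space plus ASCII punctuation
}
ASSUMED_VOCABULARY = 20_000
PINKER_SENTENCES = 10**20  # "a hundred million trillion", as quoted in the post


def char_bits(secret):
    """Bits of search space when the search tries combinations of characters."""
    pool = sum(size for rx, size in CHAR_CLASSES.values() if rx.search(secret))
    return len(secret) * math.log2(pool) if pool else 0.0


def word_bits(secret, vocabulary=ASSUMED_VOCABULARY):
    """Bits of search space when the search tries combinations of words.

    Returns None when the secret is not a run of plain alphabetic words.
    Limitation: any alphabetic chunk is assumed to be a dictionary word.
    """
    chunks = [c.strip(".,!?;:\"'") for c in secret.split()]
    if not chunks or not all(re.fullmatch(r"[A-Za-z']+", c) for c in chunks):
        return None
    return len(chunks) * math.log2(vocabulary)


def conservative_bits(secret, vocabulary=ASSUMED_VOCABULARY):
    """Smallest applicable estimate: the figure a defender should plan around."""
    estimates = [char_bits(secret)]
    by_words = word_bits(secret, vocabulary)
    if by_words is not None:
        estimates.append(by_words)
    return min(estimates)


def random_words_needed(target_bits, vocabulary=ASSUMED_VOCABULARY):
    """Randomly chosen words needed to reach a given search-space size."""
    return math.ceil(target_bits / math.log2(vocabulary))


def pinker_bits():
    """Pinker's count of sentences of 20 words or less, expressed in bits."""
    return math.log2(PINKER_SENTENCES)


if __name__ == "__main__":
    # The two sample secrets quoted in the post.
    for secret in ("Ih8m0d3rnART!", "I hate modern art!"):
        by_words = word_bits(secret)
        shown = "n/a" if by_words is None else f"{by_words:.1f}"
        print(f"{secret!r}: {len(secret)} chars, "
              f"by characters {char_bits(secret):.1f} bits, "
              f"by words {shown} bits, "
              f"plan for {conservative_bits(secret):.1f} bits")
    print(f"Pinker's sentence count: {pinker_bits():.1f} bits")
    target = char_bits("Ih8m0d3rnART!")
    print(f"Random words to match the 13-character password: "
          f"{random_words_needed(target)}")
```

All of these figures are upper bounds for secrets a person chooses, since neither a respelled phrase nor a natural sentence is picked uniformly at random.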
December 20, 2004 | Permalink | Comments (0) | TrackBack
December 15, 2004
The automated message you hear while waiting to be placed on hold
A while back, I posted a rant about the frustrating waste of time that results when businesses treat their customers to ambiguous voice-mail messages and incomplete voice-mail greetings. At the time, I just kvetched in passing about those ubiquitous automated voice menus that businesses love to install and everyone else loves to hate.
Today, however, I encountered my least-favorite automated voice menu, one time too many. It belongs to a medium-size medical practice and takes well over a minute to endure. Longer, if you press the wrong key and get put on music hold.
For a year or two now, I've been threatening to rewrite the script and send it to the office anonymously. I finally have rewritten it, and I'm sharing it as an example of what can be accomplished by listening to your own communications from your customer's point of view.
Here's the current message, with names changed to protect the guilty and snarky comments inserted in blue:
[Generic female voice]: Good afternoon.
[Pause.]
Why do we need a greeting before the greeting?
[Voice of the Very Senior Partner in the practice]: Thank you for calling the offices of Doctors Verysenior [pause], Senior [pause], Hereawhile [pause], New [pause], and Newest [pause].
Okay, you're all Very Important People and we do need to know we have reached the right office. But those long pauses are just a bit much.
The volume of calls to our practice has forced us to use this automated system and we apologize for it. But your call is very important to us.
My call may be very important to you, but my time obviously is not. These two sentences tell me no information. In addition, they give a cue ("Your call is very important to us") that generally precedes a request to leave a message. I get the idea that nobody's home.
Please listen to the full message, select the prompt you need, and your call will be transferred to the correct extension.
Fine, up to "select the prompt you need." Isn't it reasonable to hope that the correct prompt will take me to the correct extension?
If you are a physician, you may reach us at 555-555-5555. This is a hospital line and may only be used by doctors.
Why is this here? Can't it be a choice (Okay, the first choice!) on the menu of prompts?
For directions, dial 1.
For appointments, dial 2.
For billing, dial 3.
For prescriptions, please use our automated refill line by dialing 4 now.
We're finally getting someplace! But let's remember, many of today's adults have never used a "dial" phone.
Our fax number is 555-444-4321.
Another piece of information that should be incorporated into the menu.
For all other calls, please dial 0 and your call will be transferred to the operator.
At long last!
If the operator is busy, please leave a message and your call will be returned as soon as possible. Thank you for calling.
Uh-oh! More cues that nobody's home. You're welcome -- I think.
If I'm lucky, the next voice I hear is the operator's -- that is, the voice of the woman at the office's front desk. If not, it's music hold or the dreaded request to leave a message.
My perception of this medical practice, as a longtime patient and New York City resident, is that its size and staffing hardly justify an automated voice menu. (I'm familiar with just one other medical practice that employs such a system -- a huge radiology practice whose waiting room seats close to a hundred patients.)
But let's take Dr. Verysenior's word for it: "The volume of calls to our practice has forced us to use this automated system." Now, can we pare this message down to tolerable length? How about this:
You have reached the offices of Doctors Verysenior, Senior, Hereawhile, New, and Newest. [Careful enunciation; no extended pauses.] Please listen to the full menu and select the prompt you need.
If you are a physician, press 1. [Branch to a message including the number to dial and the no-patients caveat.]
For directions, press 2.
For appointments, press 3.
For billing, press 4.
For prescription refills, press 5. [Branch to automated system, with an opportunity to access the operator.]
To send us a fax, press 6. [Branch to announcement of the fax number.]
For all other calls, please press 0 for the operator. [Branch to operator or music hold or, if all else fails, opportunity to leave a message.]
These changes cut the length of the message in half and reduce the information to the bare essentials, while respecting the caller's time and patience. Not a bad solution when you're dealing with patients -- or any other variety of customers.
December 15, 2004 | Permalink | Comments (0) | TrackBack
December 13, 2004
Informaticon: New York City and the Internet as advertising media
from Net Words, by Nick Usborne
"To call the Internet an advertising medium makes about as much sense as saying the same about New York City. Yes, you can advertise in many different ways within the city, but New York is a great deal more than just an advertising medium. It's a huge population, broken into distinct communities with an infinitely complex set of interconnections among individuals, corporations, and government.
"The same is true of the Internet. It's much more like a massive, global city and not at all like any kind of traditional advertising medium. Sure, you can promote and sell your products there, but to do it well you first need to understand what makes this particular city tick."
-- from Net Words: Creating High-Impact Online Copy, by Nick Usborne
December 13, 2004 | Permalink | Comments (0) | TrackBack
December 10, 2004
Blog miners track blogs so businesses can follow the buzz
An article in last week's Wall Street Journal (paid subscription required) covered the new form of market research I call blog mining. Companies like Volkswagen and Sony are hiring firms like Techdirt, Intelliseek, and Buzzmetrics to track what bloggers are saying about their products.
Through a variety of tracking and filtering processes, blog miners can tell their clients how much chatter about their products is flying through cyberspace and what's being said. The information is used to respond quickly to problems, learn how products are viewed in contrast to the competition, and design next-generation improvements.
Blog mining highlights a couple of things about how businesses can and should be using blogs. First, even if your business doesn't publish a blog, it behooves you to understand what blogs are and how to keep up with them. That means getting yourself a desktop or web-based newsreader, learning to use it, and following a few blogs relevant to your product, service, or industry.
None of that is as complicated as it sounds. You can start here, with my advice to the bloglorn.
Equally important, if not more, you ought to start a blog of your own to boost both your brand and your productivity. The Blog Business Summit is one place to learn from the experts how to create an excellent blog that justifies the investment involved in producing it.
My company, Metaforix, is another. Contact us for plain-English information about our cost-effective blog development services.
December 10, 2004 | Permalink | Comments (2) | TrackBack
December 09, 2004
Knee replacement surgery, virtual and actual
Last week on the Technology Review blog, Simson Garfinkel invited readers to do "virtual total knee replacement surgery," courtesy of "those amazing flash artists at edheads.org."
My friend Nancy is currently recuperating from her fourth knee surgery in less than a year, so I scooted on over to the Edheads site. The amazing flash artists, as well as the videographers, made the surgery look like such a breeze that I didn't know whether to laugh or cry.
Although Nancy's other knee was successfully replaced about two years ago, the second knee has not been so cooperative. Since the initial operation last January, she has been struggling with infections, complications, and multiple hospitalizations.
Nancy's cousin, Kate McLeod, is the chief member of her support team and a key contributor to the family-and-friends e-mail update that was created to keep everyone apprised of Nancy's progress. On the day of Nancy's most recent foray into the operating room, Kate posted an account of knee surgery in the real world. With Kate's permission, a few editorial modifications, and a bit of poetic license with the name of the doc, here's what it was like:
Just as there are those who say that what happened at Abu Ghraib isn't torture, there are those who would say that the day Nancy and I spent waiting for knee surgery #4 wasn't torture.
After hauling out of bed at 5:45 am, a car picked us up and we sailed over to NYU Hospital without incident or traffic -- good omen, good omen. We were in preadmin (notice how I swan around the technical hospital terms here) fifteen minutes ahead of time. Everyone was nice, but the head of the staff was a coffee cup nazi who kept accusing the nurses of leaving coffee cups on her filing cabinet -- clearly the J. Edgar Hoover of NYU Hospital. Was she lifting finger prints off those cups? CSI:NYUH
We arrived on Six where we had old home week with every nurse and administrator in the place. Nancy got admitted at about 10:45 and I was thinking, "Wow, we're cutting it a little close here since she still has to see the nurse practitioner and the anesthesiologist before her 11:00 surgery!"
At 12:00, my empty stomach was howling. I went out to the waiting room and found a whole coffee setup I hadn't known was there. I ate six Chip Ahoys, unfortunately, trying to make up for all the Chip Ahoys I hadn't eaten over the last year of waiting on Six.
At 1:30, I checked with the desk. They thought Dr. Patella MIGHT be done at 3:00. The Chip Ahoys weren't cutting it, so I went guiltily out of the hospital to have a turkey sandwich.
By this point, Nancy was so parched it was like she was trying to get to my Poland Spring oasis and she just couldn't get there. Dr. Patella arrived at around 3:25. We'd seen the nurse practitioner. Dr. Patella assured Nancy that things were good -- no swelling, no redness, not much pain, and fair range of motion.
At 4:45, he wheeled her into OR. The last thing I heard him say was, "Oh, by the way, Nancy, congratulations on the Red Sox."
I am now at Dean and DeLuca. They charge more for lattes than Starbucks. I wouldn't have thought that possible. I had yet another chocolate chip cookie, but a real one this time. Total cost: $4.43 including tax.
I'm attributing this new food pattern to the hospital environment, the anxiety and boredom and the fact that there is no end to incredibly bad food around hospitals. It's positively criminal. But I'm taking refuge at Borders until the operation is over.
Nancy might not get into recovery until an hour after her surgery because the delays have been hospital wide, not just with Nancy's doctor. At least the previous patient wasn't in surgery for 4.5 hours, as we had thought. More when I know more.
It's nighttime. The Empire State Building has its Christmas colors on. That's a good omen, good omen.
Kate
Post Script: 10 p.m. Nancy is out of surgery and in recovery. She came out about 8:30 p.m. and went down to recovery about 15 minutes later.
Dr. Patella said everything went well. She will have epidural and antibiotics for the next 48 hours and will move to Rusk for rehab early next week. The hospital is so backed up, I wouldn't be surprised if she spends the night in recovery. But call NYU tomorrow to find out what room she's in.
Kate
Kate McLeod is Nancy's cousin and a freelance writer specializing in automotive. Her articles appear in print in CEO, Houston Chronicle, Vegetarian Times, and The New York Daily News, and online at Autobytel.com and Kelley Blue Book. Her column, GirlDriver, USA, runs in a newspaper in upstate New York.
December 9, 2004 | Permalink | Comments (0) | TrackBack
Informaticon: Many Windows PC problems are still not your fault
from Walt Mossberg's "Personal Technology"
"For . . . consumers and small businesses, the burden of using personal computers has grown dramatically heavier in the past couple of years because of the plague of viruses, spyware and other security problems that now afflict the dominant Windows platform.
"To cope with this assault from an international criminal class of virus and spyware writers, hackers and sleazy businesses, average users have had to buy and monitor an arsenal of add-on programs. They have been forced to learn far too much about the workings of their PCs. And too many users have had to take drastic steps, like wiping out their hard disks and starting all over.
"So instead of being able to view their computers as tools for productivity, research, communication and entertainment, consumers have been forced to devote rising amounts of time and money just to keeping the machines safe. The PC has, in many cases, gone from being a solution to being, at least in part, a problem."
-- from Walt Mossberg's "Personal Technology" column, Wall Street Journal, 12/9/04
Mossberg's technology columns are archived here. And, unlike most WSJ content, you can access them for free.
December 9, 2004 | Permalink | Comments (0) | TrackBack
December 07, 2004
Remedial e-mail
According to the website of the New York Times at noon, today's second-most- e-mailed article is not about the overhaul of the CIA, the war in Iraq, the price of prescription drugs, the unemployment rate, or a new virus running rampant on the Internet.
It's about the dismal state of business writing in America. Thats' write -- er, I mean, that's right.
The College Board's National Commission on Writing recently surveyed 120 top corporations and "concluded that a third of employees in the nation's blue-chip companies wrote poorly and that businesses were spending as much as $3.1 billion annually on remedial training." The vast majority of that sum goes to train current employees, not new hires.
The Times article cites many e-mail messages that are incoherent, confusing, and ultimately expensive, causing errors and delays that take time and money to fix. Many e-mails are just plain inappropriate for business, abysmally punctuated and replete with exclamation points, emoticons, and txt msg shrthnd. Senior managers also contribute to the problem, using "inflated language that desperately needs a laxative," according to California writing coach Roger S. Peterson.
Remedial writing instruction for adults is a growing "educational industry," says the Times, and writely -- that is, rightly -- so. Metaforix is part of the trend, offering cost-effective, customized business writing instruction in online and face-to-face formats. Contact us for details.
December 7, 2004 | Permalink | Comments (0) | TrackBack
Approaches to techno-trash
What to do with all those electronic gadgets we discard as we fall head over heels for the next new thing? This morning my inbox contained three articles addressing the question.
The Associated Press, via Technology Review, reports that only a "sliver" of techno-trash (otherwise known as e-trash or e-junk) actually gets recycled. That's a sliver of some 2 million tons of "broken Blackberries, old monitors and burned-out cell phones," based on the Environmental Protection Agency's 2001 estimate.
Explanations for the techno-trash buildup range from consumer ignorance about what to do with discarded gadgets to disingenuousness on the part of alleged recyclers. Ted Smith, executive director of the Silicon Valley Toxics Coalition, estimates that 60 to 80 percent of "the amount of stuff people think is being recycled" is actually "dumped in containers and sent to China."
A variety of creative solutions to the problem are being tested by commercial, government, and nonprofit groups. Reuters reports that Skyscape, a mobile medical information company, is "collecting used personal digital assistants (PDAs) to send to doctors in Africa, and outfitting the devices with the latest, up-to-date health information." A World AIDS Day request to Skyscape subscribers last Friday garnered about fifty used PDAs within 48 hours.
Skyscape, working in partnership with the charity SATELLIFE, is loading key medical references onto the PDAs before shipping them to Africa and will update the information if the doctors can link to the Internet. If your old PDA is one of the seven million such gadgets that Americans discard each year, there is still time to donate it to this worthy cause. Visit www.skyscape.com/AIDSDAY to learn how.
Finally, on what seems to be the theory that antique technology should bloom where it's planted, a Dutch company has created a cell phone cover that grows into a sunflower when thrown away. Created at the behest of Motorola and manufactured from a "totally biodegradable and non-toxic plastic," the phone cover "contains a sunflower seed, which will feed on the nitrates that are formed when the polyvinylalcohol polymer cover turns to waste." It is one of several related products that the Dutch company, Pvaxx Research & Development, will introduce next year.
December 7, 2004 | Permalink | Comments (0) | TrackBack
December 05, 2004
Great words: Eggcorn
Thanks to Michael Quinion, one of my favorite word mavens, for introducing me to the term eggcorn, a "spell-as-you-speak error." Linguist Geoffrey Pullum coined the term based on the example of a woman who wrote egg corns when she meant acorns.
Michael explains the term in this week's World Wide Words newsletter in the course of answering a reader's question about the origin of the term centrifical force. His research reveals that the use of centrifical in lieu of centrifugal is a "surprisingly common" instance of an eggcorn. Other examples he cites are "supposably for supposedly, nucular for nuclear, and intrical when integral is meant." Read Michael's full explanation here.
I was so tickled by the picture of an eggcorn that I couldn't resist googling up a few more. The Language Log has many great examples of the phenomenon, among them
- antidotal evidence for anecdotal evidence (I suppose doctors prefer the former to the latter)
- empirical conquest for imperial conquest (Science seems to be a great source of eggcorns) and
- nip in the butt for nip in the bud (I'm not going there!)
My favorite find was Mark Liberman's post about eggcorns in the 1980 novel Riddley Walker, by Russell Hoban. The 12-year-old narrator of this post-apocalyptic tale speaks a brilliantly evocative language that, as I remember, required me to read the novel virtually aloud. Just to put the red cord strait, the literary pleasures of the novel offered more than ample comping station.
You can sample the novel's linguistic oddities and treasures at the Riddley Walker Annotation Site, devoted to a comprehensive and elaborate analysis of the novel. Eli Bishop started the site three years ago and has attracted a motley crew of collaborators. Together, they have been maintaining and expanding it ever since.
The site is becoming what used to be known as a concordance, or alphabetical index of every word in an important text. BC (Before Computers), only texts such as the Bible, the works of Shakespeare, and similar cultural icons had concordances. I recall how impressed I was as a library school student to learn that such works existed.
I first read Riddley Walker shortly after it was published. At that time, a project like Bishop's, focused on a cult classic that few would include in the literary canon, was barely imaginable. Today, there is a wide selection of powerful, inexpensive concordance software available -- a Google search of that phrase yielded 314,000 results -- and numerous collaborative concordance projects are underway around the internet.
[Note: This post was updated on 1/3/04 to correct my misspellings of Riddley Walker. Thanks, Eli, for pointing out my error!]
December 5, 2004 | Permalink | Comments (1) | TrackBack
December 01, 2004
Infomaven's Top Ten Tools for Taming Information Overload Online
Infomaven has put together a guide to free and inexpensive sites and software that ease the tasks of managing information online. Metaforix is giving the guide away as a thank-you gift to people who participate in our information overload study by completing the InfoYou questionnaire.
The questionnaire is enjoyable and the tools are terrific. Answer the questions, download the PDF guide, and let me know what you think.
December 1, 2004 | Permalink | Comments (0) | TrackBack
