Tuesday, July 28, 2009

Contraseña segura

For those of you who don't realize it, I'm currently vacationing in Spain, taking it easy in the little pueblo called Madrid. The other day, I passed one of those newspaper stands with all sorts of magazines and newspapers, and one of them caught my eye--mostly because there was a topless woman on the cover. (Hey, I'm a guy. I notice these things.) There's a topless guy on the cover too, but I didn't notice him at first. They're taking a peek at each other's "goods"--but those goods are still hidden from view. (Barely.) The magazine was called "Muy interesante"--Spanish for "Very interesting." Interesting indeed!

Turns out, the magazine isn't a porno magazine--despite the misleading cover photo. I think they're a little bit looser about topless women adorning their magazines than we are in the states. The cover photo was part of an article about "The Great Couple Test--Are We Compatible?" It seems to be mostly a science-kind of magazine, with lots of information about recent scientific discoveries, stories about archeological discoveries, and an article about sunbathing with the scariest pictures of white people with the darkest tans I've ever seen in my life.

I brought the magazine with me to dinner to pass the time and read some Spanish, and one section about "Words" caught my attention. It has a drawing of a laptop with a combination lock on the monitor, and a hand twisting to open it. The article was called "Contraseña segura"--or "password security" in English.

What a bizarre coincidence! Not two hours after I posted about password security, I stumble onto an article about password security in Spanish!

The list of most commonly used passwords is naturally going to be different in Spanish than in English, but the meanings were largely the same. "Hackers circulate a list of no more than 200 words and combinations of letters or numbers that are most common. For example, 1234, contraseña, hola or yo qué sé are some of the favorites that people use. Also, love, felicidad or buenos días."

There are two things about that list I find interesting. One, they use the English word for love as a password a lot. And two, the most commonly used words in English (password, hello, happiness) are also used by Spanish speakers (contraseña, hola, felicidad). Spanish speakers correct me if I'm wrong, but I understand yo qué sé to mean "I know that." Which amuses me--I hadn't heard that as a possible password, but nobody on Atlas Quest ever selected it as a password so I guess the English counterpart doesn't get used much. An exception to every rule!

The article goes on to say that other popular passwords are the "names of pets, kids, birth dates or wedding anniversaries, telephone numbers, and common words like macaroni, sausages, cars." (Turns out, two people are using macaroni as a password on AQ--a word I had never thought to check before. Nobody is using sausage, however, and cars is too short to be a valid password on AQ.)

Then it recommends that passwords should have at least six characters, should not be a word you use regularly or can be found in a dictionary, and should use letters, numbers, and symbols, then goes on to recommend a "trick" by selecting the beginning of a book and converting the first line into initials, numbers, and symbols, using an example of Don Quixote, "En un lugar de la Mancha" which might map to "e1ldl*". In this case, they replaced the word "Mancha" with an asterisk (a common pattern matching symbol in the computer industry). Un, in Spanish, means "a" or "one"--so they replaced the word with the number 1 instead of the letter U.

And the article ends that you should change your passwords occasionally--but don't do it on a Friday because "you probably will forget it by Monday." Hahaha! I love the Spanish. =)

Doing a search for common foreign words as passwords has been coming up empty for me. If you absolutely must use a word for a password, perhaps foreign words are a better choice than English ones?

Choosing Passwords Wisely

I got a message from someone today who forgot their password. I won't name names, but in the message the person included the password they wanted, and that it "somehow" got changed because they "knew" that's what it used to be.

These kinds of messages are usually rare for me--most people just tell me that they forgot their password, and I either send them to the Lost Password Center to reset it, or manually reset it myself if their e-mail address doesn't seem to work. They usually don't send me the password they want it set to--I'd just as soon not know, and there's no reason I need to know. I can log into any account I need to with a "master password" when I need to--I never need to know anyone's actual password. Passwords are stored in the database in an encrypted format that's specifically designed so that I can't even decrypt it even if I wanted to. If hackers ever broke into Atlas Quest, they might be able to steal your e-mail address or cause all sorts of mischief, but there's one thing they can't get--it's your password.

Unless it's a poorly selected one. And alas, there are a lot of poorly selected passwords. Many moons ago, I read an article in a magazine about the ten most common passwords, and out of curiosity, I ran them through AQ's accounts to see if people actually were using them. Some of the most common passwords of all time, in case you're curious, include: password, 123456, qwerty, abc123, letmein, monkey, and money. Every single one of the most common passwords was being used by people--some of them in numbers that made my mouth drop open in shock. Passwords such as god did not get any hits since AQ has always required passwords to have at least five characters, even from day one.

I tried a few other "obvious" guesses including atlasquest and letterboxing, cracking loads of additional accounts. Then I set it up so AQ tried using the same password as the trail name for the account, which as I recall, was the mother lode.

Almost immediately, I added new restrictions on passwords to encourage people to pick better passwords. I made those most-common passwords off limits, and AQ will reject them. It will also reject any password if you use your first name, last name, or trailname as your password (or even a part of it). Which brings me back to the person who said that somehow their password had been "changed." Since the person told me the password they wanted, I could see the problem. It included their first name. The password wasn't changed--AQ had just rejected it as being too easily guessed and the person didn't remember their second choice.

A letterboxing website probably isn't a hacker's paradise, and even if a hacker did get into your account, they probably can't do more than delete your boxes or finds and send offensive messages in your name. But why choose bad passwords in the first place? Do you use the same passwords for your bank accounts, brokerage accounts, and other places where sensitive materials reside? Hackers DO try to break into those kinds of accounts, and easy-to-guess passwords make YOU a tempting target.

Some of you might remember the password cracker I set up the last time I discussed password security, and we had a lot of fun "cracking" accounts on Atlas Quest. All told, with all of the various guesses and such, we successfully cracked close to half the accounts on Atlas Quest. Without knowing any personal data about you, we could hack into about every other account given enough time to make guesses.

It might be a little harder now since AQ no longer allows the most common of passwords anymore (however, old accounts that made it in before the change still got to keep their poorly selected passwords, so those do still exist), but I bet there's still a lot of passwords you can guess. AQ will no longer allow you to use your first name, last name, and trail name (at least not what you entered when you registered on Atlas Quest), so those types of guesses won't be anywhere near as successful. But AQ doesn't know your birthday, it doesn't know the names of your children or pets, and it doesn't know much about you on a personal level, so it can't stop you from selecting those types of bad passwords.
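
An added example (not Atlas Quest's code, and not from the original post): the rules described above, written out in Python. It rejects short passwords, the common passwords the post names, and passwords containing the member's names; and because a one-way hash cannot be inspected afterwards, it re-runs the rules at login so older accounts with weak passwords get flagged for a change. The account fields, function names, PBKDF2 storage and three-letter minimum for name matching are assumptions.

```python
import hashlib
import hmac
import os

# Blocklist built from the passwords the post names; a production list is far longer.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "abc123", "letmein",
                    "monkey", "money", "atlasquest", "letterboxing"}
MIN_LENGTH = 5         # the post: AQ has always required at least five characters
MIN_NAME_LENGTH = 3    # assumption: skip 1-2 letter names to avoid false rejects
ITERATIONS = 600_000   # assumption: PBKDF2 work factor; AQ's real scheme is not described


def _squash(text):
    """Case-fold and keep only letters and digits ('Trail Mix' -> 'trailmix')."""
    return "".join(ch for ch in text.casefold() if ch.isalnum())


def policy_violations(password, first_name, last_name, trail_name):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if password.casefold() in COMMON_PASSWORDS:
        reasons.append("common password")
    squashed = _squash(password)
    names = (("first name", first_name), ("last name", last_name),
             ("trail name", trail_name))
    for label, name in names:
        needle = _squash(name)
        # Reject the name anywhere inside the password, ignoring case and punctuation.
        if len(needle) >= MIN_NAME_LENGTH and needle in squashed:
            reasons.append("contains " + label)
    return reasons


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store_password(account, password):
    """Write a salted one-way hash; the plaintext is never kept."""
    salt = os.urandom(16)
    account["salt"], account["digest"] = salt, _derive(password, salt)


def set_password(account, password):
    """Password-change path: enforce the policy, then store the hash."""
    reasons = policy_violations(password, account["first_name"],
                                account["last_name"], account["trail_name"])
    if reasons:
        raise ValueError("rejected: " + ", ".join(reasons))
    store_password(account, password)


def login(account, password):
    """Return (authenticated, must_change)."""
    ok = hmac.compare_digest(_derive(password, account["salt"]), account["digest"])
    if not ok:
        return (False, False)
    # Login is the only moment the site sees the plaintext, so today's policy
    # is re-run here to catch passwords chosen before the rules existed.
    weak = policy_violations(password, account["first_name"],
                             account["last_name"], account["trail_name"])
    return (True, bool(weak))


def demo():
    # Constructed account that registered before the policy was added.
    legacy = {"first_name": "Pat", "last_name": "Jones", "trail_name": "Trail Mix"}
    store_password(legacy, "letmein")
    return login(legacy, "letmein"), login(legacy, "not-the-password")


if __name__ == "__main__":
    print(demo())
```

As the post says, a check like this cannot catch birthdays or the names of pets and children, because the site does not hold that information.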

If you're using a bad password now, consider changing it. Make your online accounts safe again!

Still don't believe? Try cracking accounts yourself and see how many you can break into with the Password Cracker.

I just want to say to the five people who use the word "goober" as a password--I'm honored. But you really need better passwords than that. ;o)

I'm also happy to report that while there are no "losers" on Atlas Quest, we do have four "winners"! Let's give our winners a round of applause. =)

Tuesday, July 21, 2009

What I Learned At LB Con....

I learned a lot of things at the letterboxing con. I learned, for instance, that you can pick padlocks with a soda can. Anyone in the TV room at the dorms Sunday night would have seen me making my very own lock picking tools. I decided not to take them back with me to Seattle, however, thinking it might look a bit suspicious going through security at the airport. I can always make more later! =)

I also learned that you never, ever want to share a room with Wassamatta_u--or sit in the front row of any talk he gives. (I do hope those eyebrows on the kids grow back.)

I also learned a few new letterboxing terms that I had never heard before. Several of my favorites I've added to the AQ glossary.

slink-boxing: Often seen at large events when large numbers of letterboxers look for a limited number of boxes. They stretch out as they walk to a box, then snap together when they stop to log in at the box, not unlike a human slinky.

slank-boxing: A combination of slack-boxing and slink-boxing. A group will slink to the box, then a designated person or two will ink up the stamp for everyone to make the stamping process go faster for the slack-boxers. Sometimes the slack-boxers won't even log their own stamp into the logbook due to limited logbook pages and the time involved.

S.P.O.P.: Short for Suspicious Pile Of People. Typically seen during large events where there are considerably more people than letterboxes. The people tend to cluster around the limited number of boxes, and at a certain point, you don't even need to follow clues anymore. You just look around for suspicious piles of people. "There must be a box over there--13 people are logging into something!"

ink in my ears: When you are confused or not sure that you heard a statement correctly, you have ink in your ears. For example, you might say, "I must have ink in my ears--I thought you just said that you went to a brothel after finding my letterbox!" The first known use of this term was by wassamatta_u. Not a big shock there.

What did YOU learn at the letterboxing con?

Friday, July 17, 2009

Live, From St. Louis!

It is I, Green Tortuga, live from St. Louis! =) Let's see.... we've already been busted by security guards. I wanted to get a picture of the arch through an arch, and they told me no photos. Blah. Come ON?! No photos of the arch?! So I moved on and took photos elsewhere, but I never did get one of the arch through another arch. Maybe next time.....

I don't have much time right now, and I don't dare leave any letterboxers alone to plot against me, but I wanted to share a couple of my photos at least. The arch is kind of a boring picture all by itself, and if you're too close, it's hard to get the whole thing in the photo anyhow. I found this angle with the lamp post in the foreground that I thought gave it a lot of character.

A bunch of us also took the tram to the top. Most people looked at the view through tiny windows. Positively claustrophobic up there! I looked at the view too, but I wanted to see straight down. Doesn't seem like most people were doing that, so here's my picture from the top looking straight down over 600 feet. I really needed a wide-angle lens to really get the effect, but it was wide enough to barely get the base of both sides of the arch in the photo. The people at the bottom can't even be seen in the photo they're so small!

Now it's time for me to find some boxes and boxers. To plot and have fun. Farewell! =)

Saturday, July 11, 2009

The Last Photo....?

I have a few pictures to share from our trip to the Spy vs. Spy event near Lake Tahoe. Not of the event--I was too busy causing mischief and mayhem to get pictures, but after the event, Amanda and I spent a few days in the area and took our time driving back to Seattle. It's not like we're in the area often, so we wanted to make the most of it.

After the event, I got dumped off at various trailheads to find my way to wherever I wanted to go. Even in June, snow can be an issue at high elevations, so most of my hiking activities were confined to trails near or on Lake Tahoe rather than the mountains surrounding it. The mountains were calling to me, but they would have to wait another day.

For my first hike, I decided on a near-loop that would start me at the trailhead for Cascade Falls, take me around to Eagle Lake, come down to Emerald Bay, then end at the Eagle Creek Campground a short jaunt up the road from where I started. This is Cascade Falls. Not a very creative name for the waterfall, but it is pretty. =)

Next up is a photo of Emerald Bay with the rest of Lake Tahoe in the background. I stopped to rest, drink water, and admire the view because, WOW! What a view!




Next up is my first view of Eagle Lake. I reached the high point of this hike from this vantage point. The trail followed the ridge down towards the left to a gap another mile or two, then down the canyon back to the lake. It doesn't go straight down the mountain from this point!

I just love these old gnarled trees.

Snow plants were all over the place. I found this group growing alongside Emerald Bay.

This next photo, I swear I don't remember taking. I was as surprised to see it while going through my photos later as the next person. It appears to be a bird flying over Emerald Bay. I do remember taking photos from this vantage point--I just don't remember the bird being in it. And looking closely, it appears to be largely black or dark brown with a white head. Did I actually get a photo of a bald eagle?!

Next up is Vikingsholm, an interesting little place nestled along the shores of Emerald Bay. It's apparently open for the public to check out, but I only admired the outside. I had a schedule to keep to and didn't want to be late for my pickup!

And another photo of Emerald Bay. I just liked the clouds and the light. I could hear thunder coming from those clouds as I hiked along the shore, but fortunately the rain didn't come for me.

The next day I did another hike from a scenic lake to a scenic meadow whose names I can't remember off the top of my head. Bearclaw Lake? I'm pretty sure it starts with a B. Anyhow, that's not important. Just after leaving the lake, I ran into a bit of trouble--the trail led me to a meadow, then disappeared! I scratched my head a bit, and tried to retrace my steps making sure I didn't miss a subtle turnoff or something. I examined the topo map I had for every tiny squiggle and mark that might help me out, but for the life of me, that trail was gone. So I took a photo of the non-trail. Do you see a trail in this photo? Neither do I, but that's apparently where it was supposed to be. I had a pretty good topo map to go cross country, however, so I wasn't terribly concerned about getting lost. (I did not, however, have the compass--Amanda and Lea had it to find letterboxes!) I determined that the trail led to the gap just to the left of the hill you see in the photo and headed for that. (The gap, not the hill.) The meadow was marshy, though, and my feet kept sinking in muck. It was like the Florida Trail all over again! In the photo, the meadow looks pretty solid, but trust me, everything in that photo has about a half an inch of water under it.

Anyhow, near the gap, I finally came across the trail again and followed it out the rest of the way without any additional trouble. The trail went down through a steep canyon, enormous in scope, but sadly puny in pictures. I won't post those photos because it really doesn't do the area justice. Instead, I'll leave you with these two photos of flowers I found growing alongside the trail. =)

Amanda and I then started our trek back to Seattle with a quick stop at Lassen National Park along the way. This is a place I've wanted to visit for years, and the only national park in California I had never visited. It's tucked away far in the northeast part of the state, alone and neglected. A park few people seem to be aware of, and fewer people seem to visit. As the area was along our route, it seemed like the perfect time to visit. When would we get another chance?!

We stopped at the Visitor's Center, learned a bit about the park, then decided on a game plan. I would hike down from the Visitor's Center--there's a trailhead right there that leads to Mill Creek Falls, then I could hike out past two lakes and the thermal features of Bumpass Hell. It seemed easy enough at the time.

And the hike to Mill Creek Falls was indeed easy. A simple waterfall, but nice. The trail was well-traveled and snow-free, although I passed nobody along the entire route. I took photos, ate a snack, drank some water, then continued on my way.

I encountered the first problem almost immediately: There were no bridges crossing the creeks that fed the waterfall. The spring runoff was quite impressive, and while I could have tromped right through the water, I preferred to keep my feet dry if possible. I scouted around, trying to find a series of rocks and boulders I could jump across, and finally did so without getting wet. Or dead. The creeks feed into the waterfall. If I slipped and couldn't stop myself from getting swept away by the current, I'd be going over the falls! I took a photo from the top of the falls, and imagined being swept away and over the falls. Would the photo survive? Would they find my body and see the last photo I ever took? Or would the camera and photo be ruined by the water or the plunge?

I crossed the stream a bit upriver as far as I could--enough so I felt safe that if I did take a dunker into the water, I could get out before I went over the falls. I made it across the creek safely and dry, but not before taking this photo of some flowers growing in a rocky outcrop in the center of the creek. The flowers fascinated me, growing there in the center of the creek. Surrounded by water on all sides, save from the torrents of water. Protected by the torrents of water, in fact, assuming hungry animals wouldn't want to fight the raging water to get here.

The trail was becoming increasingly difficult to follow. It was clear that few people ever hiked out beyond that view of the waterfall and across the water. My map showed a trail here, but it was obviously in need of maintenance past the falls. I followed the thread of a trail another mile or two until it reached another small meadow and I bumped into the first couple of patches of snow. The snow didn't concern me too much--I expected patches of it along the way in shady areas. Then I looked up across the meadow and my heart sank. I saw patches of land. A nearly universal layer of snow covered the upper end of the meadow, completely obliterating the trail underneath. Where the heck had all that snow come from?!

Now the hike became a battle. Me against nature. And nature was kicking my butt! Several times I lost the trail completely, searching ahead for any signs of human intervention. A cut log, a marker on a tree, the faint hint of a trail where the land occasionally poked through the snow. The snow crunched underfoot, but I slogged along, wondering if I should turn back. At least it would be easy to follow my own tracks back out. The trail ahead looked like it hadn't been hiked all season, however. I couldn't follow the tracks left by the hikers before me--there were none! I had a trusty topo map, and read the land for clues about the correct direction to go. The compass, once again, was with Amanda. This time, I really wished I had the compass. I had miles I needed to hike through this snow, mostly in trees that blocked many of the waypoints that I could use to mark my progress.

But mostly, I watched for the markers on the trees. They were few and far between, but whenever I spotted one, my heart lifted. I knew I was still on the right track. I knew a search party would eventually find my cold, lifeless body if I somehow died out here. Just so long as I was still within view of one of those markers.

I was thrilled when I finally reached Crumbaugh Lake--the first major waypoint I was hoping to hit. I didn't venture near the shore--I wasn't entirely sure exactly where it started. The snow led right up over to the edge, and the edges of the lake were frozen. I didn't want to get too close to the shore to find out that I was actually over the water before I plunged through the snow and ice to my death. So I steered clear of the shoreline.

I felt pretty confident that I had found Crumbaugh Lake, but I didn't see any signs to mark the location. I compared the shape of the lake to that on my topo map, and compared the location with the mountain ridges surrounding it. Yes, this must be the lake I decided, although a sign to confirm it would have been nice.

I veered around the left side of the lake--according to my topo map, that's where the trail was and significant areas that were exposed to the sun had no snow at all on that side. At the far side, I found a sign confirming that it was indeed Crumbaugh Lake which pleased me enormously. The sign was positioned where they expected most hikers to come in at--not where I hiked in from.

I also pulled out my umbrella. The sun was hot, and I wasn't in the trees anymore.

The next waypoint on the hike was Cold Boiling Lake, but this one I figured would be comparatively easy to find since it fed the creek that led into Crumbaugh Lake. All I needed to do was follow the creek and I'd get to the right place. So off I tromped.

I was so confident about following the creek, I largely stopped looking for the markers on the trees. Put my topo map away, and charged through the snow, keeping the creek within hearing distance at all times. Which isn't to say that I wasn't keeping my eyes open for markers, cut logs, or signs, but I stopped searching for them as actively as I did before. The creek would guide me. I was sure of it. As long as I didn't follow it up some unrelated tributary. =)

Along the way, out in the middle of nowhere, probably not on any trail at all, I found a message for me in the snow. It said, "Fun." The word was made of twigs, that seemed to have fallen randomly from the surrounding trees. Or maybe some other hiker with a twisted sense of humor really had passed by, but if they did, they left no tracks in the snow. The snow around the twigs melted faster than the rest of the surrounding snow--the dark twigs absorb the heat of the sun more than the reflective snow does, then the heat melts the snow. So the message was inlaid into the snow. I felt certain that the trees were mocking me.

I reached Cold Boiling Lake after another hour or so of hiking--covering a distance that normally would have taken me half that time. Like Crumbaugh, I shied away from the shoreline, not exactly sure where the snow ended and the water started. On the far side of the lake, the snow vanished from view, and I had high hopes that my snow troubles were finally over. The trail was supposed to climb up a south-facing slope, and south-facing slopes tend to have significantly less snow than north-facing ones. I hoped this was the start of a snow-free zone once again.

I stopped to rest, eating a Pop-Tart and drinking much of my water. I also pulled out the walkie-talkie and tried to call Amanda on it. I was already an hour late from when Amanda expected me to arrive, and I still had miles to hike before reaching the trailhead where she would pick me up. I knew she'd grow increasingly concerned the longer it took for me to hike out. If she were at the top of the ridge, there was a chance she could pick me up on the walkie-talkie and I could put her mind at ease. But alas, she didn't respond to my calls.


The trail climbed up along the ridge, which was mostly free of snow. Occasionally there were large patches of it, but finding the route consisted of continuing to go straight until the snow stopped and that's where the trail would be found. The trail looped around Cold Boiling Lake nearly 180 degrees, but this time up the mountain ridge rather than the valley I followed to it, passing by a bird's-eye view of Crumbaugh Lake. I couldn't help but notice that had I hiked directly up the steep slope from that lake, it would have been completely snow free. I'd have missed Cold Boiling Springs, but under the circumstances, I wouldn't have minded.

I finally reached Bumpass Hell, a cauldron of bubbling mud, fumaroles, and boiling hot springs--an impressive display of nature. I had also reached what I considered to be civilization. I saw two people in the distance walking on the boardwalk--the first people I had seen since leaving the Visitor's Center earlier in the day. The trailhead was still another mile or two away, but a lot of people hike out to Bumpass Hell to see Earth's fury, and I knew the trail would become clear, well-trampled, and populated at this point.

I tried calling Amanda again from the walkie-talkie, and got a response. She was at the trailhead, waiting for me, and glad to know (finally) where I was and when I would be arriving.

I wandered around the thermal features a bit taking pictures, then continued my hike to the trailhead. The two figures I saw from a distance had already left, so I never spoke to them.

The hike out was exhausting, pushing through snow nearly the entire way. At least the trail was quite clear from the multitudes of people who tromped through it before me, and packed down considerably better than before. But I still found the snow exhausting and frustrating.

At a viewpoint where I could see the parking lot, I slipped on a couple of stone steps, slamming an arm into the pointed edge of the rock step--the most serious fall of my hike, ironically within view of the parking lot! I cussed a few times, then called Amanda again on the walkie-talkie, telling her that I could see the car and that my arm hurt like crazy.

At the trailhead was a wonderful, large, bright orange sign with a warning: "Trail Hazardous: Travel not recommended." Ha! NOW they tell me this? When my hike is over?

I got into the car, finally ready to go home. I needed a rest. =)

Thursday, July 02, 2009

The Last Big Update

No, not the "last" as in there will never be a big update again, but whenever I make changes that are so pervasive, so far-reaching, that I can't update individual pages of Atlas Quest without fearing that something will break, I have to take the site offline temporarily to upload all of the changes in one fell swoop. I tend to call these the Next Big Update. "It'll be in the Next Big Update." "It'll be fixed in the Next Big Update."

The update has been done, and I figure some of you would like to know what it included. It's not the Next Big Update anymore, however. It's in the past. It's now the Last Big Update.

Most of the big changes are under the hood and not readily apparent. The most striking changes that are actually visible are when you try to add or edit a box, tracker, event, or group. The main one was to redesign the layout to be a bit more flexible and fluid so it works better on mobile devices. I got rid of the column on the right hand side of the page where it didn't always fit on small screens or for other people who used large fonts. Since I'm using floated DIV tags rather than tables, it also will use all of the horizontal screen space your browser allows, which should reduce the amount of scrolling necessary to fill out all of the forms. Mostly minor stuff.

Since I was mucking around with that stuff, I made a couple of small improvements to those screens as well. You can now drag-and-drop the boxes in a series in the order you prefer rather than the convoluted drop down list for the order you want the boxes to be in. You can also delete boxes in a series directly from that page instead of having to use the Delete Box button. Again, pretty minor stuff.

Another small tweak that's completely invisible is that most places that use radio buttons or checkboxes (such as the hike type and attributes respectively on the Advanced Search page)--you can now click directly on the text associated with the radio button or check box to select it. Previously, you had to aim your mouse at the relatively small target itself. Those who have trouble controlling the mouse or use the site on their iPhones or other mobile devices might find it easier to hit what you're aiming at. =)

For the most part, though, there's not much to write home about. The bulk of the changes are "under the hood" and completely invisible. I wrote a lot of new classes and improved a lot of previously existing classes to help speed future development. I refactored a lot of code to make it more reusable and idiot-proof it against myself.

Given the sheer size of the changes involved, you can pretty much count on there being bugs and glitches. I wanted to do this update in the middle of the day so I'd be around to monitor and check for bugs and get them fixed as quickly as possible. Usually I do them late at night then go to sleep soon after, and bugs don't get fixed until I wake up again the next morning. =) (Not to mention that updating the live site is a LOT faster from this wi-fi connection I'm using at the library rather than a dial-up connection from home.)

Most of my testing has been done on Firefox. The last couple of days I've been using IE8 to look for formatting problems that might show up with that browser and caught the worst of offenders, but it's not anywhere NEAR as well tested with IE as Firefox, so if something clearly doesn't look like it's supposed to, do let me know. I only tested with Chrome, Opera, and Safari for all of about ten minutes each, so those are more likely to have formatting issues.

Happy Trail!

-- Ryan

PS. I did add a new icon option for your stats label with this update. =)
Letterboxing Stats for Green Tortuga