CTO Tech Blog

These days we seem to need a PIN or a password for just about everything.  If you follow everyone's recommendations, you'll end up with countless sets of random characters that you are expected to memorize and change on a regular basis.  That seems a little unreasonable for all but the few people who have perfect recall.  While I agree that these rules are important to keep your personal information and finances secure, I think there needs to be a happy medium where the risk matches the required effort.  It's a little risky for me to make suggestions about password security, so please remember that anything short of a completely random mix of characters that only you have memorized is at some level a security risk.

Good security involves three components; something you have, something you know, and something you are.  The something you have may be a bank card, security card, or key fob.  Something you know would be a PIN or password, and something you are is typically a biometric like a fingerprint or retina scan.

PIN numbers (Yes, I do know that the N in PIN stands for number, but it flows better) are used widely in the financial arena to verify that the holder of the card is actually the person authorized to use it.  The weaknesses are that the third component, something you are, is still missing and the other two can be stolen or copied.  Bank cards go missing all the time, but fortunately most do not have the owner's PIN printed on the back.  If a card is stolen by someone who really wants to gain access your best protection is a hard to guess PIN.  Obviously birthdates and anniversaries are not good options as are easy to spot numbers like 5555.  Choose a PIN that is random, then come up with a way to remember it.  For example 4516 could be remembered by the word "deaf" which is made up of the 4th, 5th, 1st and 6th letters of the alphabet.  Patterns on the keypad as you punch the numbers in are sometimes helpful too. One financial institution uses a combination of a couple of passwords for online banking, but only asks for certain characters each time you connect, so the entire password is never typed in a single session.

Email passwords and web site passwords use only one of the three components of good security; something you know.  These passwords are usually at more risk because most information passed over the Internet can be seen by malicious people with basic hacking skills.  Emails are sent in clear text, which means they should never contain passwords, credit card numbers or other important information.  If you're like me, you probably have a number of email addresses and access to many password protected web sites.  My memory is pretty good, but there's no way I could memorize random characters for over 100 accounts and change them on a regular basis.  My solution has been to categorize the email accounts and web sites according to their importance and risk to me.  Some accounts have a unique password, but others are in a category that contains a number of accounts with the same password.  I also use variations of a password in some cases so that I can remember them while maintaining a good level of security.  Newer computers often come with fingerprint readers and password "vaults" where you can store a number of passwords and only access them with a combination of a fingerprint and a password.  Since someone you are is the most secure of the three components of good security, this combination is a good option for keeping your information secure.  I would, however, advise that you keep a list in a safe deposit box as well since hardware can fail or be stolen and you may lose access yourself.

There are many technologies that have been in use for years that are now coming into every day use, as well as improvements on the forefront, such as biometrics in payment cards.  As with any security, the best defence is always knowledge.  If you know what's risky you can avoid it.  With that in mind, I have a few copies of a security reference handbook written by Symantec that I will make available to the first three people who post comments.  Follow up with an email directly to me at gsiverns@basicbusiness.com with your address so I can send you the booklet.

Have you ever gone to a store to buy blank recording media and wondered what all the letters and symbols mean?   I decided that it might be interesting to look at all the different types and discuss their uses.

In 1985 Sony and Philips developed a standard for writing data to compact optical disks previously developed for the music industry.  The media became widely known as CD-ROM or compact disk read only media as it could be read by an optical drive, but no data could be added.  Since the capacity of these disks were many times the capacity of floppy disks, manufacturers quickly began distributing their software on CD-ROM.  These disks were created by stamping a reflective sheet with a glass master similar to the process used to make vinyl records in the days before audio CDs.

As technology continued to develop, new CD-R or CD Recordable media became available where data could be written to a disk with a CD “burner”.  The new CD-R media had a dye film instead of a reflective film and the CD burner used a laser to alter the reflective properties of the media.  The changes, once made, were permanent making it a good format for permanent backups and small run software distribution.

Later CD-RW or CD ReWritable media and burners were developed allowing usage similar to a floppy disk with much greater capacity.  The rewritable media would allow data to be written, erased, and modified.

In a similar evolution to CDs, DVD media also made the transition to the computing world.  Originally developed as a medium to store and distribute video, the potential for data storage was quickly recognized and a consortium of computer manufacturers agreed on a standard format.  The purpose of this agreement was to help avoid a format war similar to the VHS/Betamax battle of the early 80’s.  Unfortunately after the initial DVD-R standard was created the war was started anyway with the creation of a DVD+R format which is similar to, but incompatible with, the DVD-R format.  This means that you need to make sure your burner is compatible with both formats or choose the correct media.

Like CD’s, DVD’s have a RW version and media is available for both formats; DVD-RW and DVD+RW.  These disks have a storage capacity that is 6.4 times that of a CD.

Another innovation in this technology was the creation of dual layer media.  Introducing a second dye layer to the disk allows almost twice the amount of data to be stored on a single disk.  Dual layer media is available in both write once and rewritable format.  This media is identified by adding DL to the end of the name such as DVD-RW DL or DVD+R DL.

The latest addition to this media family is Blu-Ray.  As the next generation of storage technology was being developed a “media format war” of types began again.  This time the battle was short lived and the proponents of HD-DVD conceded in February 2008 that Blu-Ray would be the new standard.  With single layer disks storing up to 25 Gb of data and dual layer storing 50 Gb, this format is suited for storing high definition video or large quantities of data.  This media is labelled BD-R for recordable media, BD-R DL for dual layer recordable media and BD-RE for erasable media that can be written to over and over.

Here’s a summary:

Media                                                   Data capacity                                     Music/Video capacity (Minutes)*

CD-R, CD-RW                                      700 Mb                                                 80

DVD-R, DVD+R,                                   4.7 Gb                                                   535/60

DVD-RW, DVD+RW

DVD-R DL, DVD+R DL,                         8.5 Gb                                                   970/120

DVD-RW DL, DVD+RW DL

BD-R, BD-RE                                        25 Gb                                                    2850/350

BD-R DL                                               50 Gb                                                    5700/700

*Note that video capacity is approximate and assumes no compression.  Compression increases the video capacity with some sacrifice in picture quality.  HD video uses considerably more space.

One last technology on note is LightScribe.  Using LightScribe media in a compatible burner, a label or design can be etched into the top of the media.  LightScribe enabled burners will be labelled on the front and include software to design the label.

On January 1st the British Columbia government imposed a new law restricting drivers from using handheld devices such as cell phones and GPS units.  The need to create this law and the associated fines might seem a bit surprising considering that 15 years ago hardly anyone had a cell phone and only a very small percentage of those who did had any kind of electronic messaging on them.  It seems that there has been a change in people's expectations when they communicate because of the increased availability that cell phones create and tolerance for someone being "unavailable" is low.  So how does someone stay connected while still being a safe and legal driver?  In short we can't yet, but there are technologies to fill some of the gaps.

Bluetooth is probably the most well known and used hands free solution for cell phones.  Originally designed as a wireless replacement protocol for RS232 serial connections, it uses multiple frequencies to transmit data making it more resistant to interference.  Since voice data is time sensitive in that the listener can hear delays and retransmissions, Bluetooth is an excellent technology to carry voice to cell phones. Many other devices such as GPS units and computers are equipped to use Bluetooth as a unified standard for communication.  Unification is the main intention of the designers as noted on Wikipedia:

"The word Bluetooth is an anglicised version of Danish Blåtand, the epithet of the tenth-century king Harald I of Denmark and parts of Norway who united dissonant Danish tribes into a single kingdom. The implication is that Bluetooth does the same with communications protocols, uniting them into one universal standard.^[1][2][3] Although blå in modern Scandinavic languages means blue, during the Viking age it also could mean black. So a historically correct translation of Old Norse Harald Blátönn could rather be Harald Blacktooth than Harald Bluetooth.

The Bluetooth logo is a bind rune merging the Germanic runes  (Hagall) and   (Berkanan)."

Many cell phones and GPS devices use speech recognition to dial numbers and enter destination addresses.  Combined with Bluetooth earpieces or microphones built into cars, they can be used with very little manual interaction.  In fact, some devices such as the Apple iPhone and RIM BlackBerry also have available applications to read emails aloud.  Speech recognition for dictating emails and text messages is in limited use on some devices as well.

I personally find it difficult not to pull out my BlackBerry when a message comes in, but the new law has not only made me think about the possible fines associated with succumbing to this distraction, but also the danger to myself and others.  If society doesn't allow us to revert to being unavailable when we're driving, then hopefully technology will quickly come to our aid and keep us safe on the roads.

For more information on Bluetooth visit Wikipedia or the official Bluetooth site below.

http://en.wikipedia.org/wiki/Bluetooth

http://www.bluetooth.com/bluetooth/

Last Thursday we saw the release of Windows 7 and along with it a new Mac commercial on television.  Apple is attacking Microsoft’s promises of a more stable feature rich operating system as expected, but this time I think they’ve missed the mark.  I have to admit that I love Apple’s commercials even though I believe PC’s are still the better choice for business even with XP or Vista.  Everyone knows about programming flaws and vulnerabilities in the Microsoft family so what makes it a better platform?  The entrenchment that XP has in business makes it the defacto standard.  Because of this most applications are written for Windows even though many are reworked to support Macs as well.  While some aspects of configuring and securing Windows are beyond many users abilities, they are more flexible and granular so that IT departments can employ more business aligned configurations.  In addition, a large part of the lack of known flaws in the Mac operating system is simple obscurity.  Hackers don’t spend as much time trying to break the code of systems that are not used as widely in business.  There have been viruses and security flaws in many versions of Mac OS but they are not as widely discussed as those in Windows.

I have been running Windows 7 at home and in my office for a number of months and my experience has been that it is living up to Microsoft’s claims of better speed and reliability.  At home I transitioned from Windows XP where I would experience unexplained slowdowns and a very slow boot process.  At work, speed was an issue as well as having a very cluttered start menu and desktop from all f the third party applications I needed to support all of the features I require.  In both cases Windows 7 has made a noticeable difference.  Boot time on both systems is short enough that I don’t have to go find something else to do while waiting and the systems are very responsive when opening new applications.  The user interface at first appears very different with an unlabeled circle instead of a start button and the way that windows fade in and out of view as I run my mouse over them on the taskbar.  The reality is that there was virtually no learning curve and I find the new nested task bar makes it much easier for me to find a certain window in the rash of applications that I tend to run concurrently.  There are a couple of security features that I’ve had to get used to.  The two main ones are; being prompted to do some things as an administrator even though my account has full privileges and not being able to download files to certain locations on my hard disk.  In both cases these new features force me to be aware of the security of my system, one by prompting me to accept that administrative privileges will be used and the other by only allowing files to be saved in certain folders, but the reality is that I used to do those things myself… most of the time.

Would I recommend running out and upgrading your computers all to Windows 7?  No.  The reality is that XP is still viable in most situations and it isn’t worth the expense of upgrading unless you have a specific need for some of the new features.  I would, however, say not to shy away from Windows 7 when purchasing a new system or when considering a major upgrade or reinstallation.