Friday, August 3, 2012

Our Socialist Pledge - Or, why the 2002 9th Circuit decision won't destroy America

A friend recently intimated to me that America is under attack, somehow, or no longer America, or that our freedom of speech was damaged, because "you can't even say the pledge of allegiance anymore in America!"  This was eventually refined to the idea that you can't say the "real" pledge of allegiance, the original one (you know, the one with "under god" in it) in schools any more.

I have several problems with that. They are, as usual, factual problems. They will, probably, and as usual, be dismissed with "Well, that's your OPINION!" by friends (and non-friends) who disagree with my factual observations.

But, as usual, opinion's got nothing to do with it... These are the FACTS.

First, you can still say the pledge of allegiance - even the un-American "under god" version - anywhere you damned well please.  The circuit court ruling she was probably reacting to says, quite correctly, that it's a violation of the separation of church and state for a teacher to lead a pledge with those words in a publicly funded school.  Private school? Pledge your ass off.  Or, alternately, if little Billy Brainwashed wants to add the words "under god" as he repeats it back, that's absolutely fine too.

Falsehood one, buried.

Now, as to the "original" and "real" parts...

First, as I've said before, there's little I can think of that's as un-American as taking a bunch of children who are legally too young to form consent, and making them recite an oath of fealty every day.  The founding fathers, I would guess, would be absolutely HORRIFIED at the idea.  (Full disclosure: as implied by the phrase "I would guess..." that part is, of course, opinion.  The pledge is un-American. That's opinion, backed by factual evidence, but opinion no less.  What follows is NOT.)

Maybe that's why, for the first 166 years - the first 70% of our history, and, I think you'll agree, the 70% closer in history to the lives and intents of our founders - there was NO official pledge of allegiance.

A (and pardon me, because I'm going to all caps something, expressly for any Teahadists in the audience) A Christian SOCIALIST minister named Francis Bellamy wrote it in 1892 - already half way into our history, to date - it gained popularity, and was adopted by congress fifty years later, in 1942.

A pastor invented the pledge of allegiance? Why I am shocked... SHOCKED, I say!

But wait... It didn't include the words "Under God".  Oh, no.

In 1948, an Illinois lawyer named Louis Bowman, on Lincoln's birthday, led a Sons of the American Revolution meeting with an altered version of the pledge, adding the words "under God"... And justifying it by joining a group that claims Lincoln (who, by the way, said "The bible is not my book, and Christianity is not my profession" (translation into modern American English: "The bible is not my book, and I don't profess to being a Christian")) said those words in the Gettysburg Address. (Lincoln's notes don't include it, some press transcriptions do.)

But, of course, that doesn't mean that's when the words changed.  Remember congress adopting it officially?  They adopted it without the god reference.

People tried to get it amended, of course, but it wasn't working.  Then, some other preacher gave a sermon - again, on Lincoln's birthday, again going with the argument that Lincoln said it... A little while later, on June 14, 1954, Ike signed the amendment that had recently passed congress.

So, only for the last 58 years has our national oath of fealty even contained the words "under God"... Less than half of the time since it was written... Less than 25% of our nation's history.  Hardly "Founding Fathers" stuff.

Falsehood two, buried.

Lastly, this was not a Supreme Court decision - those scaredy cats have been studiously and judiciously - no pun intended - staying well away from this subject for years!  This was a 9th circuit ruling, which means the injunction only holds in 9th circuit states - Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon, and Washington.

Have we covered everything?  Let's see...

1) You can still say "under god".  Your government paid teacher just can't MAKE you say "under god"... So, one would hope, most anyone could see that's decidedly NOT an abridgment of free speech.  Kind of exactly the opposite.

2) This pledge was NOT part of America's foundation and fabric, and was added quite a ways into the game, so it's decidedly NOT an attack on the foundation and history of the United States... Kind of exactly the opposite.

3) And, this is apropos of nothing, but I can't get enough of saying it... The Pledge of Allegiance was invented and initially promoted by a socialist who thought "Capitalism" was an inherently sinful false theology or religion, sponsored and popularized by Satan! You can't make this stuff up!

4) Even after our Socialist Pledge was adopted officially, it didn't get "under god" added until the cold war.

5) It's not a US ruling, but a circuit injunction... So, in most of the U.S. it's still safe to force children to practice a little Christian Socialism* every morning.  (No, I'm not saying Christians are socialists (Though, Jesus kind of was) that's just what the ideology this particular preacher belonged to called themselves - Christian Socialists.)

6) Did I mention it was socialist? The pledge? lol... I really can't tell you how much that little fact tickles me.  I mean... Really.  When you picture a bunch of children in an indoctrination center, solemnly promising to obey and defend the mother land... Don't you kind of automatically think of socialist and communist nations?

Thursday, July 12, 2012

The Last Word in Password Security

Auntie got a worried text (sms) message today... Seems someone's PayPal account was hacked.

So, I thought it would be a good time to make sure everyone knew the straight dope on password security.  Read and understand this, and implement at least one of the recommendations below, and your password protected accounts will be somewhere around... Well, ninety-nine-point-something percent safe.

First comes the reality check: Nothing online is ever 100% safe. It's just not. And, it's important you know that...

First, if you simply cannot survive the idea of some bit of information being compromised, under even the most unlikely of circumstances, then for gosh sake, don't post it online.

Second, knowing nothing is 100% safe allows us to focus with clarity and realism on making it as safe as it can be, or as safe as it needs to be.

How hacking into your account works:
(Skip to the next boldface title if you already know or don't care)

In order to get into one of your login protected accounts somewhere, someone needs two things... Your user name, and your password.

Sometimes, you choose your own user name, but other times, the user name is just a default...  If you've set up Wordpress or another CMS on your own hosting account, the default administrator login was probably "admin"...  A lot of other free web software you can install, such as forum software, does that, too.

Other times, the user name has to be an email address, such as on Facebook, Paypal, GMail, and so on.

The problem here is that if someone has your email address - which can be pretty easy to get - they've already got one of the two keys they need to get into your account.

Next, they point a computer program at the login-page of the service they want to hack into... It puts the already known bit in the "user name" field, and then starts guessing at the other part, like the miller's daughter trying to guess Rumpelstiltskin's name, but many, many times per second.

This is why many sites will lock you out after so many tries of getting the password incorrect... You'd be surprised, though, how many accounts one can get into just guessing the most common passwords... 'password', for instance - no really. Most common password in the English speaking world.  Or the person's first name, or 123456, or qwerty, dragon, pussy, baseball, football, or letmein.

And, not every site has a lock-out for too many guesses... For those, the program can start by guessing within certain rules.  Suppose the site in question requires passwords with at least 4 but not more than 8 characters.  The program could start with 1111, then try 1112, 1113, 1114, and keep going until it gets to zzzzzzzz.  Your password is in there, somewhere... And at over 1000 guesses per second, it won't take long to find.

So, unless you can hide that first key - your user name - really well - more on which later in this article - you better make sure the second one is really well hidden.

The old way to make a strong password.
(Skip to the next boldface title if you already know or don't care)

Of course, first and foremost, don't use anything anyone might guess... Not your name, your birthday, your favorite passage from the bible, your daughter's name, your dog's name, or that really perverted sexual kink you think nobody knows about (we all know about it.)

By now, most all of us have heard from some expert or another that we should choose passwords that are impossible to guess or even decipher - something like GX4d%Nk1t6#!  This suggestion is a good one because it's uncommon, probably unique, and very difficult for a computer or person to guess.

By the way, you're not going to have any problem remembering that... Right?  Because if you wrote it down somewhere, guess what...?  It's no longer secure.

A better way to make a strong password.
(Skip to the next, larger boldface title if you already know or don't care)

As Randall Munroe rather famously pointed out in his web comic XKCD, four fairly random words would be much more secure, and much easier to remember.

Make it random, but memorable... If you're going to create a new one for each site, and not follow the advice below, avoid making it something you think is memorable now, like your four favorite restaurants or vacation destinations.  When you come back to Wholesale Widgets dot com to buy another five years worth of widgets, chances are you won't remember what your four favorite restaurants were this week.

"What do you mean 'If you're going to create a new one for each site...'?" I hear some of you asking...  Problem is, a few of you are horrified because you'd never use the same password for two sites, and the rest are horrified because you always do.

Here's the full disclosure, safety first, glimmering caveat... Using the same password for more than one site is a bad idea, generally.  Not because the evil admins at Wholesale Widgets dot com now have your password to Shaved Lemur Sessions dot com - they (probably) don't... Usually, a password is passed to the database in encrypted form, so even the database doesn't really know what your password is... It just knows if what you typed in matches it.

Confused? Don't worry. Doesn't matter.  Suffice it to say, this is why most sites can renew your password, but can't send you the old one. (If you pretend to lose your password and they send it to you, that's a tell.)

An even better way to make a strong password.

"If only I could use the same password everywhere, and still have it be wicked secure!" I hear you lament (Don't lie to your Auntie... I heard you.)

Well... You can. Almost. Kind of.

Step One: Choose a string you'll never have to write down, you'll always remember, and nobody else could guess...  Fish Bike Molecule Sandwich.  I'm The Queen Of The Wine Rack.  Hamsters Love Wild Lettuce Salads.  Whatever... Just pick something.

(Picking something like "Now is the time for all good men to come to the aid of their country" or "We the people in order to form a more perfect union" is technically slightly less safe, as it violates the rule in Step One - Someone can guess it.  Still 99.995% safe, with the other measures that follow, though.)

Step Two: chop it down to password form... No spaces, no punctuation. "I'm The Queen Of The Wine Rack" becomes "imthequeenofthewinerack".

Step Three: Now, due to the way some sites set up their password requirements, trying to be helpful, you might want to add an uppercase letter, a number, and a symbol...

They have conditional rules in there that only consider things from one simplified point of view... "Does it have the kinds of characters I want? Does it have both upper and lower case characters? Does it have a number and/or a symbol?  If not... Well, it must be weak, right?"

Even if you enter the entire text of War & Peace (in lower case with no spaces) as your password, some snippy little line of script that doesn't know any better is going to think it's weak because it doesn't contain special characters and then not let you use it...  So much for remembering it, if a few sites force you to use a different one, right?

You can get ahead of this problem, as well as preventing those condescendingly 'helpful' programs from being snippy with you, and telling you your amazingly strong password is "weak" by adding a capital letter, a number, and a symbol.... Maybe "imthequeenofthewinerack" becomes "Imthequeenofthe$3winerack" and gains some memorable humor value at the same time. ;)

Step Four: And this is the magic step where it becomes universal, but not universal... Add a site-specific variable.  If it's for Facebook, add the word Facebook as the first or last word.  If it's for Twitter, PayPal, etc... You get the idea.

Your core password - imthequeenofthewinerack - becomes "imthequeenofthewinerackfacebook" for Facebook, "imthequeenofthewineracktwitter" for Twitter, and "imthequeenofthewinerackpaypal" for PayPal.

Good, but not perfect... Unless you're the only person who read this essay, and I just read it.

So, you customize the customization... Instead of adding the site name in all lowercase, maybe you add it in all caps, or in 'leet (1337, that is... But make sure you can remember your substitutions) or with just the first letter capitalized (Facebook instead of facebook), or backwards - koobecaf - or french, or babytalk, or whatever...  It just has to be a scheme only you know, that you will remember, and that you follow every time (make it different for that one site, and you will forget, I guarantee it.)

The Result...  Follow these rules, and you have a password scheme that gives you the benefits of using the same password everywhere - i.e: you remember it - while giving you the benefits of using a different password everywhere - because it is - and a password that nobody's going to hack by brute force, unless they have thousands of computers working on it, and hundreds of years to dedicate to the problem.

(And they might have thousands of computers... That's what those viruses your less savvy friends get all the time do... They make your friends' CPUs available to hackers as mindless zombie slaves, for brute force attacks and denial of service attacks.)
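The four steps above, together with the strength-checker complaint in Step Three, as an added example that is not code from the original post: it builds the page's sample passwords, then compares a character-class rule with a length-plus-denylist rule. The 16-character minimum, the function names and the `Passw0rd!` sample are assumptions made for illustration.

```python
import math
import string

# Some of the common passwords this page lists; production denylists are far longer.
COMMON = {"password", "123456", "qwerty", "dragon", "baseball", "football", "letmein"}
GUESSES_PER_SECOND = 1000   # guessing rate quoted on this page
MIN_LENGTH = 16             # assumed threshold for the length-based policy


def core_from_phrase(phrase):
    """Step Two: drop spaces and punctuation, lower-case what is left."""
    return "".join(ch for ch in phrase.lower() if ch.isalnum())


def site_password(core, site):
    """Step Four, simplest variant: append the lower-cased site name."""
    return core + site.lower()


def composition_check(pw):
    """The rule Step Three complains about: character classes only, length ignored."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def length_check(pw):
    """Assumed alternative policy: denylist plus minimum length, no class rules."""
    return pw.lower() not in COMMON and len(pw) >= MIN_LENGTH


def alphabet_size(pw):
    """Character pool a blind guesser (1111 ... zzzzzzzz style) has to cover."""
    pools = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
             (lambda c: c in string.punctuation, 32)]
    return sum(n for test, n in pools if any(test(c) for c in pw)) or 1


def search_space_bits(pw):
    """Upper bound on guessing work; word-based guessing needs less for phrases."""
    return len(pw) * math.log2(alphabet_size(pw))


def seconds_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length and character pool."""
    return alphabet_size(pw) ** len(pw) / rate


def report(passwords):
    """Return (password, composition verdict, length verdict, bits) per entry."""
    return [(pw, composition_check(pw), length_check(pw),
             round(search_space_bits(pw), 1)) for pw in passwords]


if __name__ == "__main__":
    core = core_from_phrase("I'm The Queen Of The Wine Rack")
    samples = ["password", "Passw0rd!",             # constructed weak samples
               core, "Imthequeenofthe$3winerack",   # the page's own examples
               site_password(core, "Facebook")]
    for row in report(samples):
        print(row)
```

The character-class rule passes the short `Passw0rd!` and rejects the 23-character core phrase, while the length-plus-denylist rule does the reverse.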

That's it. You're pretty much safe.  You can stop now... Unless... Do you want your logins to be even more secure? Like crazy levels of Spy vs Spy secure? Easy enough... Hide the other key.

The Cherry on Top - Secure & Unique Login Names

This part isn't as easy, and not everyone is going to be able to do it...  But, if they wanted to badly enough, they could.  You can do a cheap version for free, or a perfectly functional iron-clad version for about $6 a month.

The problem, as mentioned early on, is that anyone who has your email address already has your login for lots of different sites.  Granted, if your password is as secure as the ones above, you can pretty safely just laugh at them.

But... You could take it to the next level.

What if you had a unique email address that was used for, and only used for, logging in to each specific site?

Well, you could go to the various free email services, and set up free email accounts for that purpose... But, that's a pretty fair amount of work.

You could also have your "real" email address - I suggest Google's Gmail - and then have all those unique, specialized email addresses forward to that one.

Lots of web hosting companies give you 20, 50, 100, or unlimited email accounts - "real" POP3 email addresses, or forwarding addresses, when you keep a domain name hosted there.  So... The cost is maybe $7-15 a year for the domain name, $3-10 a month for hosting,

Dreamhost, for instance, offers unlimited email addresses, and the hosting cost gets cheaper, the bigger a time span you buy at once... Add to that a great back-end and wonderful tech support, and you have an awesome hosting company.

Then, for each site you need a login for, you create a unique forwarding address... For Facebook, you create the email address (or some such thing) and then have it forward to your "real" email address...  This process is simple and takes about two minutes with every hosting company I've used... And I've used a lot of 'em.

Now, each login is a unique email address, but you only have to check one email address... Plus, you can easily track which sites have either compromised or sold your email address and let spammers get hold of it.
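One way to do the tracking just described, as an added example that is not part of the original post: each forwarding alias is tied to the sender domains its site is expected to mail from, and anything else arriving at that alias marks it as exposed. The alias addresses, domains and sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed alias table: one forwarding address per site, plus the sender
# domains that site is expected to use. All values are placeholders.
ALIASES = {
    "widgets-login@family.example": {
        "site": "Wholesale Widgets",
        "senders": {"wholesalewidgets.example"},
    },
    "lemur-login@family.example": {
        "site": "Shaved Lemur Sessions",
        "senders": {"shavedlemursessions.example"},
    },
}

# Constructed sample messages, as they would arrive in the one "real" inbox.
LEGIT = ("From: Wholesale Widgets <orders@mail.wholesalewidgets.example>\n"
         "To: widgets-login@family.example\nSubject: Your order\n\nThanks!\n")
SPAM = ("From: Deals <promo@bulkmail.example>\n"
        "To: widgets-login@family.example\nSubject: Hot offer\n\nBuy now\n")
PERSONAL = ("From: Cousin <cousin@family.example>\n"
            "To: me@family.example\nSubject: Hi\n\nHello\n")


def domain_of(address):
    """Lower-cased domain part of an address ('' when there is none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def sender_matches(sender_domain, allowed):
    """True for an allowed domain or any of its subdomains."""
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in allowed)


def classify(raw_message):
    """Return (site, verdict) for one message; verdict names what the alias saw."""
    msg = message_from_string(raw_message)
    recipients = getaddresses(msg.get_all("Delivered-To", []) + msg.get_all("To", []))
    sender = domain_of(parseaddr(msg.get("From", ""))[1])
    for _, addr in recipients:
        entry = ALIASES.get(addr.lower())
        if entry:
            # From is forgeable, so "expected" is not proof the mail is genuine;
            # an unrelated sender, however, means the alias got out.
            ok = sender_matches(sender, entry["senders"])
            return entry["site"], "expected" if ok else "alias-exposed"
    return None, "not-an-alias"


def exposed_sites(messages):
    """Sites whose login alias received mail from an unrelated sender."""
    hits = (classify(m) for m in messages)
    return sorted({site for site, verdict in hits if verdict == "alias-exposed"})


if __name__ == "__main__":
    print(exposed_sites([LEGIT, SPAM, PERSONAL]))
```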

"But what would I ever do with a domain name and web site?" you ask...?  Well, for one thing, keep all of your logins as close as humanly possible to perfectly secure. Get your last name as a domain name, and you can offer all your relatives free custom email addresses - or something... Just make them forward to their "normal" address, easy as pie, and you're the tech genius of the family. :)

For another... Heck, install Wordpress and have a personal website!  You've got hobbies, interests, opinions, or cats whose pictures you can post, right?  It's easy - like almost as easy as email - flexible, powerful, and there is lots of learning material free on the web... And I can help you with questions you might have, as well.


I'm starting this 'blog because there are often things I want to talk about in a longer format than Facebook Micro-blogging is really good for.  This should allow a convenient, searchable, easily archived whiteboard to share those kinds of thoughts on.
I'm naming it and forming it this way, on the other hand, because there are lots of subjects on which I feel most people are more than a little under-informed.
Sometimes it's technical, sometimes it's political, sometimes it's historical, or sometimes, it's just some interesting little bit of trivia.
Sometimes it's misunderstood because of linguistic drift - Quick, what's a plunger? Chances are you're thinking about something to unclog your toilet with, rather than a tool, control, lever, or other part of a device or mechanism that works with a plunging or thrusting movement.
Sometimes it's misunderstood because of intentional definition assault, where, for one reason or another, one group of people has intentionally set out to redefine a word or phrase... Like "Pro-Life" (instead of "anti-choice"). Everyone's "pro-life"... Women with unwanted pregnancies who aren't "pro-life" don't get abortions, they slit their wrists.
Sometimes a word is misunderstood because of the passage of time... Like the fact that the roots of the word "vulgar" reference average (or common) people, or that the word "agnostic" was coined to have a very specific meaning (and it's not "Gee, Wally, I don't know!")
In any case, I think a collection of clearly written, easy to read, honest and unbiased explanations would be beneficial. Now, I may not have the time or skill to be the person who writes those explanations (And, after reading the paragraph above about definition assault, you may think I'm completely incapable of impartiality :) but I think it's a valuable goal, and I'm gonna give it a shot.
Believe it or not, an unyielding bias toward clarity and factual information is the only bias I'm going to intentionally allow here. If I want to specifically push my side of something, I'll do it somewhere else.
You may not agree with the facts presented, but they'll be facts, to the best of my ability to find them.  If you have better facts, with better backing, let me know and I will publicly and happily turn on a dime, and post updates to the article to boot... But not just if the facts seem better to you or fit in better with your (or my) preconceived notions. They've got to be actual facts that are actually better, backed by actually better actual data. ;)
Blogger lends itself well to discussion, and if facts and data are arrived at through that discussion that show that there's a better answer or explanation than the one I've given, I'll edit the article, publicize the change, and credit the person who pointed it out, if they want me to.
Now... If only I can find the time to write and post... :)