Just for the record

Even if that fired comics guy had stood on a table in the middle of the office and hollered "I'm gonna come in tomorrow and shoot all yo' asses!", he would not have been making a "terroristic threat".

He would have been threatening to commit mass murder.

If the purpose of your murderous act is just to commit murder, not to scare anybody into doing anything (generally of a political nature), then it's... murder. Not terrorism.

Thank you.

Linguistic precision is fun!

A short piece from Salon on the debasement of the word "fun", when applied to activities for children which obviously bloody aren't.

(In case you don't know, this URL has, for months now, been the quick way to convince the Salon site that you've sat through the ads that qualify you for a "day pass".)

Continuation of a gibberish theme

Not The Daily WTF Any More has this piece, which is just the latest in a long string of stories about clothes-less Emperors exposed by nonsense. I think the string started, in the modern era, with the Sokal Affair, or possibly Ern Malley.

(I particularly like "angst-filled gothic gibberish" in the comments.)

See also: Engineers' Disease.

Persistence of incomprehensibility

It takes some serious stamina for a page that was a Cruel Site of the Day in May, 2002 for the spectacular violence it has perpetrated upon the English language to still be up, and still exactly the same, more than four years later.

That's, like, a century, in Internet time.

But the Zhejiang Yuyao Jinlida electric appliance company, Limited has achieved this feat.

Respect.

On Big TVs with Funny Names

Every now and then, a company comes up with a product name that sounds like an attempt to make a speech synthesiser make a weird noise.

There are plenty of examples, of course, but I've noticed over the years that major television manufacturers seem to feel compelled to, at one time or another, give their flagship product line a bizarre name.

Sony kicked it off with the "Kirara Basso" line, which launched in late 1991. I don't know where they got the name from, but I presume someone got paid big bucks to come up with it. Search for "Kirara" today and you find a manga/anime two-tailed cat (the Wiki entry for that character contains some info on the name).

Not to be outdone, Panasonic came up with the "Gaoo" a couple of years later.

"Gaoo" does actually apparently convey a meaning somewhat analogous to "Picture King" in Japanese, but it's still a stupid name for a product you intend to sell all over the world. English-speakers can't even say it without looking as if they're insulting someone.

And now Hitachi has "Wooo". They're very proud of their Wooo World.

Eh. Could be worse.

Hang a lantern on the magical computer

Today, I have spent quite a while reading the TV Tropes Wiki.

It is informative and hilarious.

Thank you.

"We travel aloob, singing a soob..."

I regret to say that no Automatic Teller Machine Machine I have ever used, here in Australia, has given me the option to use the language Hmoob.

"Hmoob" sounded to me less like a language and more like a nonsense password (26 bits!), but it turns out that it's actually a way of writing "Hmong".

The reason why you can write "Hmong" that way, though, is quite interesting.

Nonsense passwords

I'm finally shifting my password collection out of my previous ultra-secure unencrypted text file and into KeePass. KeePass is a mature open-source password storer which seems quite easy to use, and makes no doghouse-worthy security claims.

Plus, it's nifty.

Bad password. Bad, BAD password!

Here, KeePass is showing me that a line of identical characters may be a long password, but it's not a good password.

You get this little dynamically-updating bits-of-entropy graph whenever you enter a password - for the KeePass "vault" itself, or for one of the sites/devices/whatever whose passwords you're keeping safe in KeePass.

This is a really neat way of illustrating the idea of password complexity. It doesn't take into account dictionary attacks, though, which in the modern world are not slowed down much by brilliant tricks l1k3 the u5e of 1337-sp34k. If your password is a dictionary word, then even if you obfuscate it with letter-to-number swaps, it's probably still crackable in minutes, not weeks.

A string of three dictionary words with a few digits on the end, though, is reasonably secure...

Better password.

...so what KeePass is telling me here (click the image to see the larger-filed original) is fair enough.

To avoid the dictionary-word trap, you can either do this sort of thing - a lot of dictionary words in a "passphrase", or a few words and some numbers - or you can use one of those ludicrous more-or-less genuinely random "T\:;9+jrF:y4+@cf#6'w7z" or "Suy7JOvd" kinds of passwords.

Or you can make up nonsense words. That's what I often do.

If you're trying to crack a password and a dictionary lookup won't help, the length of time it'll take to guess is directly related to the amount of information entropy the password contains. Information entropy is, in brief, an objective measurement of the amount of information something contains.

"Suy7JOvd" is higly memorable, by the standards of true random passwords, but it has only 48 bits of entropy. It is, therefore, feasibly crackable by brute force on a single modern PC in a usefully short time.

"T\:;9+jrF:y4+@cf#6'w7z", on the other hand, has 132 bits, which pushes it well into the "cubic kilometres of sci-fi nanotech" category. For all practical intents and purposes, a password like this one can't be brute-forced. The only way you can hope to crack it (as opposed to just steal it from someone who knows it) is by exploiting some weakness in the cryptographic system being used (to hash the password, or to protect the data to which the password allows access).

Which is all very well, but even "Suy7JOvd" is pretty bloody hard to remember. "T\:;9+jrF:y4+@cf#6"w7z" is ridiculous. Everybody knows that people who're given such passwords just write them down, usually on Post-It notes which they stick to their monitor. Or - if they're especially devious, and very proud of their intelligence - they stick them to the underside of a desk drawer.

Steel door two feet thick, lock utterly unpickable and unforceable... key hidden under the doormat. (Or, if you prefer, trap-door in the floor.)

So - nonsense words.

"Slobodongoo" is a 48 bit password, appears in no dictionary, and is quite easy to remember.

"Grobbynolofroidicality" is 85 bits, which is quite enough for pretty much any purpose. And it's also reasonably memorable, though I recommend you not wander around the office muttering something like that. It's bad security practice to speak your password aloud, and it may also cause your coworkers to take action.

If you're determined to go to 128-bit password strength, which is ample for every single purpose on the planet Earth (unless it's important to you that God not be able to crack your password), then "Seglifromobulgradistalibilitegumentsic" manages it. Inserting capital letters and/or spaces can get the length down - "GorgoBrindyFerguBolishSkuziPlen" and "Mali Colu Snobo Limby Tij WoB" are each 128 bits, too. Punctuation can help a lot - "Eeble frong? Zoiby. Nyoj!" is 128 bits as well.

None of those are, I grant you, particularly easy to remember. But they're easier than "j3JBRGjxYCllgW2s2xccLZB9ww".

And you don't need 128 bits, anyway. 70 or so will do just fine.

"Nerbolica grib" and "Ib? Galoomb!" are both 71.

(If you don't have the kind of brain that comes up with nonsense words easily, or if you're paranoid about some subconscious bias that'll make the nonsense words you make up guessable, there are online nonsense-word - and nonsense-passage - generators that'll do it for you. There's also JabberWordy and NameStation, which make up nonsense-word domain names and sees if they're registered - but you can of course use the words for something else. True Security-Mindset paranoids can make a sentence, each word of which is from a different generator!)

It's not very hard to remember a few of these kinds of passwords. Look at all the people who can remember "Supercallifragilisticexpialidocious", after all. That's a 112-bit word right there - though it's probably in lots of password cracking dictionary files, along with several spelling variations, and is therefore not actually very useful. But you get the idea.

Passphrases can be just as good. The only real problem with them is that they're always significantly longer than an equally secure nonsense-word password, since dictionary attacks mean that a "70-bit" passphrase is not actually as secure as a 70-bit nonsense word, unless your nonsense word turns out to actually be a dictionary word in some language you don't know.

Long passwords also, of course, take longer to type, especially since password boxes that sensibly display asterisks while you're typing make it impossible to tell if you've made a typo until you hit return, get an error, and use some of your profanity allowance.

So go ahead and use passphrases, if you like.

Personally, I'm going to stick with the Flobadob-speak.