I Have Been Pwned; You Probably Have, Too (Alt Title: “God Fucking Dammit, LinkedIn!!!”)

THE SHORT VERSION

If you use LinkedIn, then your email and LinkedIn password have probably been compromised.  If you reuse the same password across several sites, then you are likely a total sitting duck waiting to get exploited.  Go change passwords NOW!

THE LONG VERSION

This breach seems to have gotten less press than usual, even though it’s liable to have a broader impact on folks, so I want to make sure it’s on everyone’s radar:  

An enormous hack of LinkedIn accounts has surfaced (details).  Crackers snagged ~164mil login credentials; since the passwords were stored as unsalted hashes (i.e. “not securely”), the vast majority of these passwords were cracked.
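
Why "unsalted" matters, as an added example (not part of the original post and not LinkedIn's code): with a bare hash, everyone who picked the same password gets the same stored value, while a per-user salt and a slow key-derivation function make every record unique. The account names, passwords, and the choice of SHA-1 and PBKDF2 here are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data); two users share a password.
ACCOUNTS = {
    "alice@example.com": "linkedin2012",
    "bob@example.com": "linkedin2012",
    "carol@example.com": "S7#kq-long-random-value",
}

def unsalted_record(password):
    """Weak storage: a bare fast hash (SHA-1 assumed for illustration)."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, iterations=200_000):
    """Hardened storage: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def shared_digest_groups(table):
    """Return groups of accounts whose stored digests are identical."""
    groups = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def build_tables():
    """Store the same sample accounts both ways."""
    weak = {u: unsalted_record(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, identical digests:", shared_digest_groups(weak))
    print("salted, identical digests:",
          shared_digest_groups({u: r[2] for u, r in strong.items()}))
    print("login still works:",
          verify_salted("linkedin2012", strong["alice@example.com"]))
```

In the unsalted table, one recovered password exposes every account that shares it; in the salted table, each record has to be attacked separately and each guess costs 200,000 hash iterations.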

I took the liberty of checking a couple friend/client email addresses while I checked mine (using this tool), and found that most of the emails I checked were included in the hack (as was I).  LinkedIn hasn’t proactively informed anyone I’ve contacted about this. So, I’m spreading the word.

The immediate problem is losing control of your LinkedIn account (which, let’s be real, doesn’t necessarily mean much for most people).  The bigger problem is that many folks reuse the same password on many sites.  If the email:password you used on LinkedIn is the same as the one you used on Twitter or Facebook or Gmail, then those accounts are now also up for grabs.  While a LinkedIn account may be of limited value to criminals, a Twitter or Gmail account can be much more useful, and a bank or credit card account—let’s not dwell on it.  Did you start changing passwords yet?  Go change passwords NOW.

THINGS TO DO RIGHT NOW

  1. Go here (Yeah, it looks sketchy; it’s legit) https://haveibeenpwned.com/
  2. Plug in the email address you use to log into LinkedIn (or any email you use to log in to any site; this service tracks many data breaches)
  3. If you get a green bar, you lucked out.  If you get a red bar with “oh no!” in it, continue to step #4
  4. Read whatever details the site offers about the breach(es) you’ve been included in, and change your password(s) immediately.
  5. Also set a new password anywhere else that you used that same password 

EXTRA CREDIT

Passwords are inherently crappy.  It’s just a fact of life.  Consider upping your security in two ways:

  1. Set up “two-factor authentication” (also called “2FA”) on any account that lets you do so.  Different sites have different systems (and, alas, call them different things), but they all boil down to the same thing: Once 2FA is set up, logging into your email account (or whatever) will have an extra step.  First you enter your username and password and hit submit (like normal).  Then they ding your phone (either with a txt or via app) and wait for you to respond (either by clicking “accept” on the app or entering the six digit code they’ve texted you). If you don’t respond, you can’t get in.  This makes it impossible for someone to log into your account unless they have your username, password, and your phone.  Much more secure.  (I’ve added 2FA to several personal web tools I depend on, as I was getting hammered with a brute force attack a couple weeks back.)
  2. Please seriously consider using a “password manager” or “password locker.”  This is a piece of software (or service) that securely stores your usernames and passwords for all of your accounts.  That way, you don’t have to choose easily remembered passwords for all of your accounts.  Instead, you choose one very good password for your locker, and then let the locker generate insanely hard passwords for your individual accounts (all of my passwords are now 20+ characters long and randomly generated).  Lots of folks like LastPass and 1Password.  I prefer KeePassX and use MiniKeePass on my phone (I have lots of nit-picky reasons, but the tl;dr: The software implements good encryption algorithms in a secure way; it’s open source and well vetted; it’s not “cloud based”—“the cloud” is just “some other dude’s computer” [with all that implies, viz. security risks], and a cloud computer full of the master keys to folks’ online lives strikes me as an attractive nuisance, at best).

Sorry to be your bad news bear today; I hope you all get green bars and nonetheless CHANGE YOUR PASSWORDS, GET A PASSWORD MANAGER, AND START USING 2FA WHENEVER YOU CAN!!!

Doing What You Have to Do (w/ props @roosroast)

There are three types of things you have to do in this life:

  1. Things you enjoy doing for entirely internally motivated reasons—those things that you simply find pleasurable or gratifying in and of themselves, without further social context.
  2. Things you enjoy doing because someone will give you money to do it.
  3. Things you enjoy doing because they please or help other humans whose opinion you give a shit about.

Note what is lacking here:

things you don’t enjoy doing

Everything that you do, you should be able to mentally reorient into one of the Three Things listed above. If there’s a thing you can’t do that with, then maybe you need to excise it from your life.[1][2]

In short: Do Good Things.[3]


Meat vs. Machine

Nature can best a drone…

…and a dude with a rudimentary medieval weapon can best a drone…

…and then this super-genius has to fuck it all up:

(Doesn’t help that the fucking thing sounds like a billion mosquitos all crying out for vengeance.)

Thanks, buddy; our fate as biological batteries for a reality-bending one world robo-overlord is basically sealed.

I Love This . . . [UPDATE!!!]

. . . but it literally goes 30 seconds too long.  Also, she really should be smoking an e-cigarette, right?

UPDATE: My lovely wife points out that, given the content of the smoker’s NDE, we are perhaps meant to understand that she has in fact been sent to Purgatory, Hell, or a non-Xtian vision of the afterlife(!!!)

Mind—blow!

Holy Shit! You Will Not Believe Weezer’s Creative Process

Artists: Even if you are lukewarm on Weezer, this interview with Rivers Cuomo (the band’s frontman) is so worth your time.  I’ve got more than a little experience with collaboration, creativity under duress, constrained writing techniques, and Oulipo-like methods, and yet I’ve never come across a process like this, which is at once ornately technical (spreadsheets, demo files, something akin to A/B testing) and is so meticulous in the interest of harnessing randomness and stripping context and formal planning out of the creative process.

Weezerians: To those who dig Weezer already, know this: The stories in their songs are not stories they wrote, but stories you wrote in response to the fragments they gathered and the formulae they use to collect and organize those fragments.

Public Service Announcement: Song Exploder is consistently awesome (for example, it introduced my 9yo to Iggy Pop and made him an instant fan).  So worth subscribing and supporting.

Seeing Sound: Couscous, Steel Cafe Tables, String Instruments, Math

Note that the different Chladni (say “clad-knee”) Figures he generates correspond to different pitches (i.e., frequencies) and timbres (think “flavors of sound”), and that he does this by creating a node (which is technically any point in a wave where it crosses zero, and literally the places where a vibrating thing—like a guitar or cello string—is not moving).

All of which is neat, but mostly I just posted it because it looks hella sweeeeet!

360º Views from the Surface of Mars(!!!)

These are fun on your computer, and absolutely immersively astounding on your phone/tablet. The future is here, but unevenly distributed—with some portions dune-buggying around Mars, picking at rocks and wrecking up the joint.

Consider this your daily reminder that, in contrast to how things were when I was a kid, Mars is now populated—and it’s ruled by robots!

NASA’s Curiosity Mars Rover at Namib Dune (360 view) – YouTube

(props to Terence Hawkins for just messaging me about a typo; that cat writes good books)