Good Golly! I Hate Passwords!

Ihate Passwords 2Got a message this morning on my phone, maybe from my phone, that I confirmed on my computer.

Some Passwords Compromised! 

I’ve seen the message before, and like most folks I ignored it!

For some reason, this morning I actually looked at the message and the passwords that it claimed were compromised.

A lot of the compromised passwords have come about because I’ve merged the other half’s passwords into my passwords. It makes keeping things running a lot easier to have it all on one computer rather than bouncing between two machines.

The list was long… Some of it was easy to negotiate because there were duplicate logins. Once those were sorted out, then it was down to the business of changing compromised passwords. And here’s where things just go right off the damn rails!

I log into a site. Figure out where the hell the site has hidden change password. Account, Profiles, Client Access, security, or whatever other clever euphemism the company chose to use. It’s mildly annoying but navigable. 

I get to the change password option and things get super annoying! Enter the old password, then enter the new desired password, twice. 

WRONG! You didn’t include the right kinds of characters, or the right number of special characters, or not enough upper case characters, or numeric characters, the password isn’t as long as War and Peace, that password is too long, 4 characters in the entered password have been used before on this account, or, or, or, or…”

The annoying thing about this is there is almost never any description of what these assholes want, prior to making the first mistake.

I’ve gotten to the point that I’ll hit the submit button just to generate the error that describes what format is necessary for a password.

Because I’m so often annoyed by this irritating bullshit, I use the internal password generator provided by Apple. The down side to this is sometimes even the Apple system can’t generate something useable, but it stores what it generates almost instantly. Meaning that if the generated password is rejected, you may have a bad password stored in the autofill system and then you get to fight with both the password manager AND the asinine website.

This is how I end up with passwords or pass phrases that would make Marines blush.

This morning I was entirely surprised when I ended up in one of these circular password situations and resorted to using an obscenity.

Low and behold, the website told me that such words were offensive and couldn’t be used as passwords.

WTF?

Who the hell are you to tell me what words I can and can’t use for passwords? Furthermore what does it matter? The passwords aren’t supposed to be stored on the site in plain text. They’re supposed to be encrypted. No human is supposed to be able to read the passwords and therefore no human risks being offended. Are we dealing with computers now being offended?

I’d rail and complain except I find myself caring less & less. This particular vendor, service provider, will not matter to me soon. Once I’m out of California I’ll be purging a ton of passwords, and phone numbers from my systems.

I’m actually looking forward to that. I’m looking forward to having a new phone number and a new address. 

I’m also rethinking the whole web access thing, across the board. I’d prefer to have everything mailed to my address. I’d like to get things in my mailbox. Maybe , I’ll be able to step back 50 years. I might start writing checks and mailing them to utilities. Then I won’t have to deal with passwords, PINS, and poorly designed websites.

Who knows? I might even have the Sunday paper tossed on my porch instead of reading it on my pad.

Is this a function of age? Or is this my rejection of increasing complexity to do the simplest things?

Perhaps it’s both!

There’s a lot to be said for de-computerization. You’d have to really know me or be looking at that sentence through my eyes to grasp the full irony.

I wonder if the Amish would be willing to teach me how to live simply?

I love early morning Heart Attacks!

Digital manufacturingThis morning I got up as usual. I let the dog out, got a cup of coffee, and woke the computer to check email.

Up to this point everything is normal. I’m not feeling all that great, and I was thinking that it would be nice to take the laptop out to the living room where there’s some cuddle space and the dog would likely curl up beside me. 

Before doing that, I checked the backupstatus, because I’ve got the laptop plugged into a hub that provides an ethernet connection. If you disconnect, it makes the next backup have to clean up the files that were interrupted and it doesn’t take that long to let the machine finish its task.

That’s when I discovered that there hadn’t been any backup since yesterday at 4PM. Then, since inquiring minds want to know, I asked why. The computer said there’s no backup disk.

Hmm. I know there is a backup disk so somebody’s got some splaining to do. 

I go check on the NAS device in the closet. It’s running, but the drive indications are all wrong. There’s no error or warning per se, but the NAS is hammering on 2 drives and not responding to commands. The NAS is also not appearing at the address that it’s supposed to for me to access its control interface. 

I try a “soft” power down the NAS appears to accept that command but never completes the execution of the command. I do a hard power down. Knowing full well that whatever is going on is probably bad.

I power the NAS back up and now I’m greeted with all the drives being normal but there’s a little flashing status light. That light is usually solid. I go back to the computer and find that the NAS is still not at the address it’s supposed to be, nor is it broadcasting that it’s available. After scanning a bit I found an IP address that appeared to be the NAS. I logged in to the control console only to find that the NAS thought I’d moved drives from another NAS, and that I would have to update the NAS software to accomplish this.

Ahh I’m beginning to see the likely problem. The NAS tried to update its software and the update went horribly wrong. I guess I’m lucky that the machine still had some clue what it was, but what about my 10TB of data? What about the Porn?!?

Well there’s no path around, I must go forward. I tell the NAS that the 5 drives contain data and they are to be preserved. Then I tell the NAS it can update to the latest version of software. I didn’t want to do this… I’ve been holding off on updating to the latest (read that as completely redesigned) version of the NAS software because I just didn’t feel like working my way through the headache.

I’ve got data from the other half on that NAS that I’m still sorting through and there is no need to complicate matters with a completely different NAS operating system where I’ll have to rework permissions, connections, and applications.

My plan was to do this update when I was done with the other halfs business. 

However, since I have no choice, I click “Proceed” 

The next screen from the NAS says, “Formatting system volume” OH SHIT!!!!!

Does that mean the area that the NAS uses to store the OS, OR did I just flush all my data?

Well the helpful countdown to completion said I’d know in 9 minutes.

For the next 9 very long minutes I used the time honored prayer of IT workers everywhere.

“SHIT SHIT SHIT FUCK SHIT FUCK SHIT FUCK FUCK FUCK!”

After 10 minutes the NAS came back online with a brand new OS and as an added bonus all the user accounts and been wiped. Yea! But the data appears to have remained intact.

So apparently my IT Prayer was heard, and answered, by a benevolent AI somewhere.

That’s the good news. The bad news is that I get to reconfigure the NAS and work my way through a new operating system where everything is moved and some features are gone entirely.

Yea! 

I’ve fired up a set of utilities designed to ensure drive integrity to make sure my data is in good shape. I’ll have to configure around the utilities doing their job to reconnect my NonAdmin account to the data. Oh look, the User Accounts, Groups, and Permissions controls are all different… Greeaaattt!

I have a headache that would stop Godzilla, I think I’ve got some sinus thing happening and I really may not have the patience for this…

 

Ah Ha! I knew it…

Warning: Geeky Stuff ahead.

Yesterday, I updated to the latest operating system offering from Apple.

IMG 2867

There haven’t been a lot of issues yet.

But there has been one, and this issue is across iPad, iPhone, and the Mac OS. 

Some websites will completely fail to display user credentials stored in Apple’s Password Management System.

After you get over the initial panic that the IOS or OS upgrade has wiped the thousand or so passwords and IDs that you’ve become so dependent on…

Your head will clear and then you’ll go look at passwords. As your heart rate slows, you’ll notice a curious thing. Some websites still work. But other websites act brain dead. Instead of Safari offering to fill in your password and id from Apple’s password management system you’re presented with nothing.

Even typing the first few characters of the user ID will not give you the familiar prompt for face, touch, or master password verification.

Locating the entry containing the user ID and Password and telling your device to open the website, from the password entry itself will open the site BUT WILL NOT autofill the user ID and Password, so you’re on a site, but you’re not logged in.

It’s in Safari, and it’s not technically a bug.

Safari’s security protocols have been updated which is good. But if you log  into web sites that are not using HTTPS with the new versions of Safari, it will look like the upgrade has flushed the login credentials.

The issue is HTTPS versus HTTP. Since the entirety of the internet is supposed to be using HTTPS (For your comfort, safety, and protection,) Apple apparently decided that it’s unsafe to allow the password management system to serve up a user ID and Password to a lowly HTTP site.

On the one hand I can see it. On the other hand there are corporations where their internal HTML pages may require a user ID and Password, BUT where they are not using HTTPS inside the corporate defense ring. This may or may not be good security, but that’s not the issue. The issue is the confusion caused by the way Apple has implemented this change.

Since there’s absolutely NOTHING, no message, no reaction, no indication, no clue, whatsoever about what is going on, it could leave customers badmouthing Apple, and the new OS. 

Not because what’s been done is wrong, but because it’s inconvenient! Apple already has trouble in corporate environments due to IT departments inherent Pro Windows bias. They needn’t add any fuel to that fire.

I haven’t found the setting to turn this feature off yet. Instead, I just enabled HTTPS on my site. If I find more sites that give me issues, I’ll go digging around to see if there is a setting.

I’d been holding off because I DONT WANT TO PAY FOR THE SECURITY CREDENTIAL!

Oh yeah, it costs… which leads me to begin contemplation about continuing to maintain my own hosting site. Or should I park the unused domains and transfer the live domains to another hosting service.

Truthfully, I’m becoming less and less pleased with my current hosting provider. I’ll take a look at the contract and decide if I want to continue doing business with them.

They’re pretty inexpensive if you select longer contract terms, but their quality of service is becoming questionable. Talking to them and solving problems is getting to be just like every other business. You end up talking to someone outside the country who doesn’t really understand what your issue or question is.

For the moment this HTTP/HTTPS issue is solved. I’m sure there will be other interesting issues popping up soon enough.