free
government cell phones

It’s best of both worlds (or at least a compromise) – each site sees a unique password, you have an easy to remember yet long passphrase (it’s up to you whether you use same passphrase for all sites or different ones), and no need for a storage system so you can access your stuff from anywhere even if you didn’t bring your own computer along with you.

I think it’s going to wipe the floor with a lot of Android tablets, though.  Especially now that you can root it and put the Amazon Market and Google apps on it. A lot of higher-priced Android tablets are going to disappear if all they offer for the extra money is more memory and a camera (or two).

So, basically, no, given those two items as context, I don’t feel that the title is misleading. Also I tie the two items together in the first paragraph of my post.

I currently use LastPass to store and generate my completely random passwords. And I try to have a different password for every site that requires one.  This is what I encourage people to do as, having multiple passwords (specifically 1 for each site) means that should that password be compromised then they only have the password for that site.  See the Gawker hack as an example of why having different passwords for different sites is a good idea.

I do agree that sites need to get over the idea of limiting password length and allowable characters for their passwords, it would go a long way in helping beef up security. At least to a degree anyway.

You have an entire paragraph on how hackers really hack passwords, but that’s what the XKCD comic assumes in the first place – bruteforcing a hash using whatever is the best method available (in the example of the comic with 1000 tries per second). The comic even assumes that the hacker knows he’s looking for a specific word permutation and a set of dictionary words and not just random characters. So there’s no contradiction here.

Basically the comic says it’s entropy that matters, not password length or how hard it is to remember. And I have to agree with that.

Completely random passwords still have more entropy than the dictionary example in the comic, but the comic doesn’t state otherwise. It compares not against a real random password but a deviation of an uncommon word password. Which is probably what lots of people use.

My personal conclusion is:

If you have to remember passwords, then the XKCD method is probably best. It simply offers the best entropy / easy to remember ratio.

If you can store them somewhere, naturally you’d use completely random passwords and make them as long as possible. And you’d not even attempt to remember them because it’s entirely pointless to do so.

Password storage systems always come with their own security pitfalls, though.

Sadly, to this day many systems simply don’t give you the choice. Lots of sites allow you only 8-12 characters for a password and then you have to go random in order to get a bit of entropy in it.

However, even modern encryption works off some kind of password, or passphrase for verification.  If someone encrypts something with my public key, I more than likely have to enter a password/phrase to decrypt once I receive it.

Most places seem to be moving towards 2 factor authentication schemes. Paypal, Google, and a few banks have moved to this method for handling access and it’s a decent step in the right direction.  Unfortunately all the places I mention make it an optional feature, rather than requiring it by default, but I think this might be due to a lack of understanding on the consumer’s part and as hacks become more prevalent we’ll see average consumers move towards looking at better security models.

I think: for the same reason is it illegal to export virtually unbreakable encryption software… If the internet were to become truly secure, that would be a huge impediment to law enforcement and intelligence agencies.

toshiba direct coupon code

Apple has mandated a very clear development roadmap, which means that the risk associated with developing iPhone applications in terms of general compatibility is more or less mitigated. The likelihood that an OS update will break APIs (assuming the developer has programmed his/her app correctly) is minimal.

Likewise, the problem of legacy and cross-device compatibility is almost non-existent. Granted, some apps require the better hardware to run effectively (or at all), but the delivery mechanise for OS updates (iTunes) virtually ensures that most (if not all users) are running the latest version of the software. Likewise, since Apple controls the hardware, developers need only specify between device iterations (vs. brands and iterations in the case of Andriod devices).

The problem with Android, as I understand it, is that developers are required to write and re-write their applications to accommodate OS updates (which are not universally distributed for a number of reasons), to accommodate hardware variations (often limiting application features to the lowest common denominator hardware-set. Considering the ubiquity of Android, it would only make sense for developers to push apps to the platform if they could guarantee the time and money to maintain the apps across a spectrum of hardware and software fragmentation (it isn’t legacy, let’s be honest). If a developer does not have the time or the money to do that, it makes little sense to inadvertently devalue their brand (their apps). Rather, they would be wise to focus on a single platform (by no coincidence, in most cases, this is the most stable and profitable platform – iOS).

In terms of Windows Mobile, it is more likely a question of the overall success of the platform. Microsoft has a habit of either dumping products (see Kin), or leaving them to rot without a proper development roadmap (see previous versions of Win Mo).

I think, then, it’s pretty obvious why developers would choose a specific platform (more often than not the iPhone). The small gains that could be made by having a cross-compatible app are lost in the continual development time required to maintain an app across vastly different platforms (with their own inherent barriers to entry like fragmentation and unclear development roadmaps).

Build for iPhone only:
cost: $50000
benefit: $50000.
risk of App store deletion: ??? 1%? thus ~$500? Higher risk for certain categories of apps.

Build for Android:
additional cost: $40000
additional benefit: $5000
strategic benefit: ??? better be >$35000

Build for Windows Phone
Additional cost: $80000
additional benefit: $10.
strategic benefit: ??? Better be >$79990

–
I'm making up the numbers, but the ratio of money paid for the same Android and iPhone apps is about a 1/10 ratio heavily in favor of the iPhone. You yourself have admitted this in the past.

So I don't know. Maybe the problem with this (your blog post) is that you're writing a specific rebuttal to that article but trying to extrapolate a larger idea from the whole thing. It's pretty clear why very few people write cross-platform apps for ALL mobile platforms, and that's because they lose money doing it. I'd be curious to hear if Facebook was paid to build the BlackBerry and Palm OS versions of their app, or if they did it for strategic reasons, for example.

But the answer to your question is clear: it's (usually) bad business to write an Android app for sale in the Android app store, because it's CLEAR that you will lose money doing so. The Angry Birds guys may be able to sell a lot of copies on the Android, so maybe they should give it a go. But almost no one else should. At least, not for “business reasons.”