Sitting at work today and I hear the team in the other room talking about passwords.

It’s all the things we’ve heard before: people confused about what is a good idea, what’s a terrible idea, and what’s a reasonable level of security.

This is a mixed-bag discussion and I’m always willing to discuss these points; please let me know your thoughts below.

Following on from our discussion today, here’s a rundown of the password policy. I’m including Alex and Nicole because we’re going to be publishing these tips soon.

Only have two InterExchange Passwords

  • Gmail and your computer
  • Every other website you use

Memorable sentences, with simple character substitution

  • The Penguin Eats Icecream on The Boardwalk =>
  • ThePengu1nEats1cecreamOnTheBoardwalk =>
  • ThePenu!nEats1creamOnTheBoardwalk

If you must, write the password down somewhere physically removed from your office. Your wallet is an alright choice; just remember that if your wallet gets stolen you also need to do a password refresh when you’re calling your credit card company.

It’s even better if you can just remember it and literally destroy it once you have. Literally (preferably with fire).

Never reuse your InterExchange password for personal things, not ever. This creates an alternative attack route for others and just increases the complexity of refreshing things if something goes wrong.

Never give your password to anyone, ever, under any circumstances. You’re literally saying “Hey, feel free to do whatever you want and I’ll take the fall for it”. Even if they’re a nice person, their problems become your problem.

Never give your password to anyone (I know I’m repeating myself). If a service ever asks for your password over the phone, or even worse emails you a copy of your password*, treat them as a bad website, use a unique password for them, and change that old password everywhere.

Never give your password to anyone (I’m really serious). If you feel you have to, call me in and I’ll talk you through it; there will be a solution other than giving your password to someone.

On bad websites (like the one above), don’t even give them a real password. My favorite thing to do here is to create a string of random words that I don’t try to remember. The next time I go there it is impossible to remember what the password is (because I don’t trust them with passwords), so I just do a password reset.

Your inbox is you: if it is compromised, everything is compromised. You can see where your account is signed in from the Google account device security page.

Refresh your passwords any time you have a gut feeling that maybe your password has been compromised.

Drops Mic

* Originally this read “… you a copy of your website”; I sent a follow-up email clarifying that sentence.

Yesterday went dark.

Bugs Crying

I’d been messing around with the night before.

Jim Carrey Hacking

I was sick of building my Jekyll site from develop to master.


So I deleted the master branch and created gh-pages.

Atomic Explosion

Undoing this choice fixed everything.

Happy Dance

And GitHub Pages hosts master the same as gh-pages anyway.

Fist Pump

Over the past few months I’ve led a charge at InterExchange to implement a living StyleGuide. After achieving initial buy-in I have released a working prototype which we’ll soon be using in production on

Throughout this process I’ve encountered the following tools.


A living StyleGuide must be the source of the framework as well as the documentation. Our original implementation was built on pivotalexperimental/style-guide in a different area of the application, and this quickly led to the ignored documentation conundrum.

Trulia/Hologram introduced a fresh concept where the documentation would be written within the source code itself and subsequently transformed into HTML for web browsing.

Having selected a build system it was time to determine the framework.


I wanted to extend off of twbs/bootstrap, a framework that I have been using successfully for a fair amount of time and that had committed in version 3 to treat responsive design as a first level concept.


Gulp came up as a Google search result for a JavaScript library manager. I’ve long suffered the guilt of how naive my JavaScript library management was. Gulp treated things like Bundler, and I like Bundler.

I wanted to avoid Ruby for the build system. Whilst having a very conservative opinion of web application development within nodejs, it was hard to ignore the speed of the build and the simplicity of managing libraries.

More to come

I’d like to start releasing more information about the StyleGuide we are building.

I’ll be using @dirkabroad to announce any updates to this post.

Went to Seki Onsen with a small set of the group today. 3 runs and 1 lift kept us more than occupied for a day of fantastic powder.

The better boarders managed to get in some great jumps.

Jones Jump

And the lifts were as intimate as they were convenient.

Jones Nixon Lift

Tonight my friends went to the Japanese Fire Festival and I hung back out of a lack of interest in cultural exchange.

While I sat there worrying about what my colleagues would say in response to me avoiding such an activity, I went with the other naysayers to enjoy some Yakiniku and Asahi.

Yakiniku and Asahi

After we were well fed, quite drunk, and had paid our ¥3,000 ($30) we started our walk home.

Suddenly, a wild Fire Festival Appears.

Fire Festival

The moral of the story: you’re on holiday, if you miss an event don’t stress about it and COMME Des FUCKDOWN.