Sitting at work today and I hear the team in the other room talking about passwords.

It’s all the things we’ve heard before: people confused about what is a good idea, what’s a terrible idea, and what’s a reasonable level of security.

This is a mixed-bag discussion and I’m always willing to discuss these points, so please let me know your thoughts below.


Following on from our discussion today, here’s a rundown of the password policy. I’m including Alex and Nicole because we’re going to be publishing these tips soon.

Only have two InterExchange Passwords

  • Gmail and your computer
  • Every other website you use

Memorable sentences, with simple character substitution

  • The Penguin Eats Icecream on The Boardwalk =>
  • ThePengu1nEats1cecreamOnTheBoardwalk =>
  • ThePenu!nEats1creamOnTheBoardwalk

If you must, write the password down somewhere physically removed from your office. Your wallet is an alright choice, just remember if your wallet gets stolen you also need to do a password refresh when you’re calling your credit card company.

It’s even better if you can just remember it and literally destroy it once you have. Literally (preferably with fire).

Never reuse your InterExchange password for personal things, not ever. This creates an alternative attack route for others and just increases the complexity of refreshing things if something goes wrong.

Never give your password to anyone, ever, under any circumstances. You’re literally saying “Hey, feel free to do whatever you want and I’ll take the fall for it”. Even if they’re a nice person, their problems become your problem.

Never give your password to anyone (I know I’m repeating myself). If a service ever asks for your password over the phone, or even worse emails you a copy of your password*, treat them as a bad website, use a unique password for them, and change that old password everywhere.

Never give your password to anyone (I’m really serious). If you feel you have to, call me in and I’ll talk you through it. There will be a solution other than giving your password to someone.

On bad websites (like the one above), don’t even give them a real password. My favorite thing to do here is to create a string of random words that I don’t try to remember. The next time I go there it is impossible to remember what the password is (because I don’t trust them with passwords), so I just do a password reset.

Your inbox is you; if this is compromised, everything is compromised. You can see where your account is signed in from the Google account device security page.

Refresh your passwords any time you have a gut feeling that maybe your password has been compromised.


Drops Mic

* Originally this read “… you a copy of your website”, I sent a follow up email clarifying that sentence.
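For the throwaway string of random words suggested above for bad websites, here is an added example (not part of the original email) that picks the words with a cryptographic random source instead of by hand, and works out how many words a given list needs. The word list is a constructed 64-word sample, and the function names and the 80-bit default are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list: 64 words, so each random pick adds 6 bits.
# A larger list (thousands of words) gives more bits per word.
WORDS = """
anchor basket candle dragon ember falcon garden harbor
island jacket kettle lantern marble nectar orchid pebble
quartz rabbit saddle timber umpire velvet walnut yonder
zipper acorn badger cactus dolphin engine feather glacier
hammer igloo jungle kitten lemon magnet napkin ocean
pepper quiver ribbon sunset tunnel urchin violin window
yogurt zebra apron bridge copper donkey elbow forest
goblet hazel ivory jigsaw koala ladder meadow nickel
""".split()


def words_needed(target_bits, list_size):
    """Smallest number of uniformly random words that reaches target_bits."""
    if list_size < 2:
        raise ValueError("word list needs at least two entries")
    return math.ceil(target_bits / math.log2(list_size))


def throwaway_password(target_bits=80, words=WORDS, sep="-"):
    """Random-word password for a site you do not trust.

    Returns (password, entropy_bits). It is not meant to be memorised:
    the next visit goes through the site's password reset instead.
    """
    unique = sorted(set(words))  # duplicates would overstate the entropy
    count = words_needed(target_bits, len(unique))
    # secrets uses the OS CSPRNG; words chosen by a person are far
    # less random than the arithmetic below assumes.
    picked = [secrets.choice(unique) for _ in range(count)]
    return sep.join(picked), count * math.log2(len(unique))


if __name__ == "__main__":
    password, bits = throwaway_password()
    print(f"{password}  (~{bits:.0f} bits)")
```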

Yesterday dirkkelly.com/gifs went dark.

Bugs Crying


I’d been messing around with dirkkelly.github.io the night before.

Jim Carrey Hacking


I was sick of building my Jekyll site from develop to master.

Costanza


So I deleted the master branch and created gh-pages.

Atomic Explosion


Undoing this choice fixed everything.

Happy Dance


And GitHub Pages hosts master the same as gh-pages anyway.

Fist Pump

Recently I was asked if every person who wants to build their own website should have to learn HTML rather than a content management system (WordPress, Drupal, etc.).

I proposed they should. I don’t believe these systems give users a useful interface to their content; the abstraction to terms like Pages, Navigation, and Layouts can’t be half learnt.

So then how can someone publish their content online, advertise their business or sell something they build if the tools they have will ultimately engulf them in the inherent complexity of programming?

I spend a lot of my time designing systems and algorithms that will reduce the amount of work required by people to complete tasks. Today I was presented with a system that promises to do a part of what I do for a living.

An AI that builds websites…

I think that could absolutely work.

As such today I became a founding member of thegrid.io, a system which looks to abstract the development side of building a website to an algorithm.

Ultimately most people will not become web developers, and while they just want their content online, they shouldn’t need to have the skills necessary to organize and distribute it.

The Grid could be a solution, a pseudo-artificial intelligence system that understands the content you give it and makes it relevant to your audience.

Of course I say this on the blog I run that is written in raw code, which you can view here.

Websites should be built by those who understand how websites should be built. Ever more computers are joining the ranks of those with the ability to comprehend data and publish it online, and I welcome them to the club.

At this point I have a solid idea of who it is, but with hints this good I’m definitely going to let it play out.

The Clue

Hi Dirk!
Ho Dirk!
Your Gnome is here to play!

Hey Dirk!
Hoo Dirk!
A poem for you I say!

A riddle rhyme to pass the time.
A little line: a secret sign!
Now can you find the clue that I'm
unwinding for you? (Middle line!)

Ha Dirk!
Hee Dirk!
I'm near to you indeed!

How Dirk?
Who Dirk?
Your Gnome has done its deed!

I've left the seed for you to read
A tiny weed, a glowing bead!
And all the rest is chickenfeed!
So do not heed the call of greed!

It's only one! The center rung!
Your gnome's fair song has thus been sung.
Now take the air into your lung
and clear your mind of dirt and dung.

(and by my hint you now be stung.)

The Answer

I’m near to you indeed!

For those of you playing along at home.

  • There’s only one important line in this poem.
  • There are 23 lines in this poem (go for the capitals)
  • Key phrase repeated talks of the Middle line, Center Rung
  • 11 lines before, 11 lines after
  • Point in fact, last line finally makes the rule true

What’s Gnoming

It’s InterExchange’s annual holiday party tradition. I’m to guess who is gifting me a present.

Even though I’m in Australia I’m hoping I’ll still be able to participate. Just today I had my Gnoming duties executed by a remote party.