The company distributing filmmaker Michael Moore’s Bush-bashing movie “Fahrenheit 9/11” says it won’t reject an offer of help from Middle East terrorist organization Hezbollah.

— The least surprising news of the year, from WorldNetDaily.com

"Hey Rocky, watch me pull a foreign policy out of my ass!"


“That trick never works.”

John Kerry, International Man Of Mystery

Least convincing spam subject line of the week...


As seen on CBS News!

’nuff said.

On the finding of weapons of mass destruction


Sometimes, it takes a hurricane or three to uncover leftover bombs. Left over from World War II, that is.

Quick take: Seven of Seven (Shichinin no Nana), disc 1


This is a fluffy, squeaky clean little series about a teenage girl named Nana and her six personality-differentiated clones, who appeared after an accident that involved her mad-scientist grandfather, his latest experiment in high-tech prisms, a microwave oven, and a cherry tree. Our Heroine has one goal in life: to pass the high-school entrance exams so she can get into the same school as the boy she has a crush on. Unfortunately, her new sisters share that crush, and that’s not all…

It’s almost painfully cute, with an opening theme to match. Disc 2 just came out, and I’m going to have to buy it.

Update: apparently the associated manga is a bit more fan-service oriented. Obviously I’m going to have to confirm that…

Update: Oh my, yes. The manga version is definitely aimed at a male audience.

Update: Just finished watching disc 2. It’s still cute. I’ll buy the next one.

Okay, this is cool


Mamiya has just shown off a 22 megapixel SLR body with a 36×48mm CCD. That’s twice the physical area of a 35mm film frame (which should produce visibly higher quality than the high-MP Canons and Nikons), although it will still have some magnification when used with Mamiya’s 6×4.5cm medium-format lenses, and even more when the digital-back version is used with their 6×7cm body and lenses.

Dicing with passwords


Last year I posted a reference to Arnold Reinhold’s Diceware page, and included a copy of my favorite passphrase generator, which attempts to generate pronounceable nonsense words.

I’ve always been a big fan of pronounceable nonsense, even in the days when passwords were limited to eight characters, but I think it’s particularly useful for long passphrases. My problem was that it can actually be pretty difficult to get a good nonsense phrase out of the original table. So I made my own.

Now, the instinctive reaction to someone creating their own security tool instead of using one created by an expert is (or ought to be) an anguished cry of “Noooooo, you fooooool!”. This is a special case, though, because the beauty of the Diceware scheme is that the contents of the table don’t actually matter, as long as each cell is unique. You could fill the first column with colors and the rest of the cells with the names of different superheroes, and the resulting passphrases would contain just as much entropy.

So here’s my new favorite method of generating passphrases. Roll three six-sided dice (one to choose a consonant, two more to choose the rest of the syllable), repeat at least ten times, and assemble into a phrase.

        1    2    3    4    5    6
B  1    a    ad   ag   al   an   az
K  2    e    ed   eg   el   en   ez
M  3    i    id   ig   il   in   iz
P  4    o    od   og   ol   on   oz
S  5    u    ud   ug   ul   un   uz
T  6    ay   oy   ath  eth  ith  oth

Update: Sorry if I didn’t make it clear. Split the results up with spaces to create two- or three-syllable “words”.

Also, a word on the relative strength of passphrases. Each syllable contains ~7.75 bits of entropy (log2(6×6×6) = log2(216)), so ten syllables produce a 77.5-bit passphrase, which is likely good enough for data that isn’t kept under lock and key 24x7 (e.g. login password on a laptop). See Reinhold’s FAQ on passphrase length for details. Note that the dictionary-based Diceware system requires longer passphrases to get the same strength (5d6 per dictionary word versus 6d6 for a two-syllable nonsense word).
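As an added example (not code from the original post), here is the table and rolling procedure above in Python, with the entropy figures from this section. Assumptions: die 1 picks the consonant (B..T for 1..6), die 2 the row, die 3 the column; a CSPRNG call stands in for physical dice, and syllables are grouped two per word as suggested in the update.

```python
import math
import secrets

# The 3d6 syllable table from the post, transcribed here (constructed data).
# Die 1 picks the leading consonant, die 2 the row (vowel), die 3 the column.
CONSONANTS = "bkmpst"
TABLE = [
    ["a",  "ad", "ag",  "al",  "an",  "az"],
    ["e",  "ed", "eg",  "el",  "en",  "ez"],
    ["i",  "id", "ig",  "il",  "in",  "iz"],
    ["o",  "od", "og",  "ol",  "on",  "oz"],
    ["u",  "ud", "ug",  "ul",  "un",  "uz"],
    ["ay", "oy", "ath", "eth", "ith", "oth"],
]

def syllable(d1, d2, d3):
    """Map one roll of three six-sided dice (each 1..6) to a syllable."""
    if not all(1 <= d <= 6 for d in (d1, d2, d3)):
        raise ValueError("die values must be 1..6")
    return CONSONANTS[d1 - 1] + TABLE[d2 - 1][d3 - 1]

def bits_per_syllable():
    """Every one of the 6*6*6 rolls is equally likely and distinct: log2(216) ~ 7.75."""
    return math.log2(6 * 6 * 6)

def passphrase_bits(num_syllables):
    """Syllables are independent rolls, so entropy simply adds up."""
    return num_syllables * bits_per_syllable()

def table_is_unique():
    """The Diceware guarantee needs only that every (consonant, cell) pair is distinct."""
    cells = [c + s for c in CONSONANTS for row in TABLE for s in row]
    return len(cells) == len(set(cells)) == 216

def roll():
    # Assumption: secrets (a CSPRNG) stands in for physical dice; random.randint
    # would not be an acceptable substitute for a passphrase generator.
    return secrets.randbelow(6) + 1

def generate(num_syllables=10, syllables_per_word=2):
    """Roll 3d6 per syllable, then join syllables into space-separated nonsense words."""
    syls = [syllable(roll(), roll(), roll()) for _ in range(num_syllables)]
    words = ["".join(syls[i:i + syllables_per_word])
             for i in range(0, num_syllables, syllables_per_word)]
    return " ".join(words)

if __name__ == "__main__":
    print(generate(), "(%.1f bits)" % passphrase_bits(10))
```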

Any questions?


How UN inspectors helped Iraqis:

Adnan Abdul Karim Enad’s relatives were shocked to see him clambering into a UN inspector’s jeep on January 25 clutching a notebook and screaming “Save me! Save me!” in Arabic. A UN inspector sat motionless in the front seat as Iraqi guards pulled the 29-year-old man out of the car and carried him away by his arms and legs.

How US troops helped Iraqis:

Amnesty International has learned that 'Adnan 'Abdul Karim Enad is safe and free. He and other detainees were said to have escaped from a prison in al-Ramadi, about 80 miles from Baghdad, after it was abandoned by prison guards in mid-April.

.Mac foolishness


So I decided to increase the iDisk storage on my .Mac account, mostly because I’m using the password-protected Public folder to share a largish database with some friends, and mounting DAV volumes is easy, convenient, and doesn’t involve bandwidth that I pay for. The fact that it autosyncs to every Mac I use is just a bonus, of course.

The problem? The confirmation screen for buying upgrades to your .Mac account includes your plaintext password. Sure, it’s a secure web form, but this is a receipt, and I print out receipts for online purchases. I suspect other people do as well.

This transaction did not involve changing a password, adding a sub-account with a new password, or anything similar, so why is my password being printed out? More significantly, why is .Mac storing plaintext passwords in the first place? This is an old security mistake, and anyone designing a service on top of Unix should know better.

Update: a few days later, they decided to bump disk storage for everyone and cut the price of bumping it further. Unfortunately, they also bounced a lot of email for a day with bogus “over quota” errors.

Update: well, that’s at least useful. The standard .Mac account now has a total of 250MB of storage, which can be divided up between email and iDisk however you like. My upgrade to 200MB of iDisk storage is now to a total of 1GB, divided evenly by default. I quickly cranked the email storage down to 50MB and put the rest into the iDisk. You still can’t safely sync it when you’re on a wireless network (your .Mac password is sent in the clear for non-SSL WebDAV), but it’s still a handy tool.

“Need a clue, take a clue,
 got a clue, leave a clue”