A recent article in the New York Times demonstrates just how helpless our nation is against hacker threats. Please notice my lack of using the word "Cyber" which in reality has nothing to do with the Internet or computer security, despite the media's attention to the word.

The revelation that a major defense contractor had their network broken into and extremely sensitive data stolen is nothing surprising. I think we can all assume it was the Lockheed Martin attack even though they haven't named which contractor was compromised. The timing makes sense.

Security Is Tough, Tracking Exploits Tougher

I've used Netflix for nearly two years now. I signed up for $15 / month with three DVD's and unlimited streaming. Since January's price increase I've been paying $22 / month.

Now in less than 6 months they are increasing rates yet again, and by quite a large number. With taxes I'd be paying almost $30 / month for the same service, in addition to the $150 a month for Cable TV with Internet that I also have. Originally I justified Netflix because at $15 / month it was about the same price as what I paid at the local video rental shop.

Today I changed my plan to $7.99 streaming only, and the primary reason I'm keeping that is so my daughter can stream movies while at college. Then I found out that I can't stream to my Wii in the living room for the kids and my Blue Ray in the bedroom at the same time on that plan, so I may just cancel it completely.

With so much about stock prices and companies being based on total revenues, I don't see how they plan to win on this. Their streaming service is very limited in offering - almost no decent movies released on DVD in the past 2 years are available for streaming - but it was a nice addition to the DVD plan. Streaming is great if you simply want to watch old TV shows or a lot of cartoons.

Today, LulzSec attacked Eve Online, Minecraft and Escapist Magazine. It looks like Minecraft and Escapist were simple DDOS attacks, but Eve may be more sinister with their claim to have wiped the login server.

The same group recently hacked a porn website and posted the emails and passwords for several hundred users online.

This brings up a really good question. Why would you trust anyone with "your password?" If I log into Facebook, they now now "my password." If I use that same password anywhere else I'm essentially trusting that not only will Facebook not be evil with my password, but that they are smart enough to keep ALL hackers out of their list of passwords so that "my password" is kept secure. It's like giving a stranger on the street a copy of the key to your car and hoping they won't either pass it on or use it themselves.

Never, never use the same password for multiple sites, unless you're comfortable with losing all of those logins at the same time. That means your bank account, email account and facebook account really must all have separate passwords.

Also, if you use any service that supports "two-factor authentication" please, please activate it. GMail and Facebook both support two-factor authentication methods now that require more than just your password to login.

Here's a lesson for you 'Droid developers out there.

Build your support into your app. I don't mean a feedback method, although that's still a good idea. I mean constantly try to eliminate the need for support by having your app anticipate problems.

For instance, my Calibre Library app now anticipates 90% of user problems and helps them solve it right there. One of the largest issues I've had are people just not being able to connect to their desktop server for multiple reasons including:

• Wireless is off
• Wireless is on, but not connected to the local LAN
• The wrong IP address is entered so it can't find the desktop

I've had people claiming to be "techs" who claim the app is crap because they can't get it to work - but the problem is that their wireless is off on their phone.

Other people enter a desktop IP address of "192.168.1.1" which as everyone in the know knows, is probably NOT the desktop computer.

I just learned the hard way that you can't run multiple Eucalyptus cloud controllers on the same network.

I'd assumed that as long as each cloud had a different private address pool and physically separate cluster networks that it would work.

After about a day, the primary cloud starts detecting the secondary cloud and things went a bit haywire. The primary cloud controller crashed but left the instances still running.

Rebooting things didn't get much better either - the nodes just didn't work right. Not quite sure what the deal was but nodes would show available, but all instances would just stick at "starting" and never fully reach a running state. Checking "euca_conf --show-nodes" resulted in no instances showing associated with any nodes.

I had to power down the new test cloud and de-register it's cluster controller from the primary cloud (which magically registered itself) and a reboot or two later was able to get my primary cloud back up and running.

To clarify - I wasn't trying to run multiple clusters, but wanted a completely separate cloud with it's own clusters. For future reference: do it on a separate subnet.

This took me several hours to figure out, primarily because Ubuntu 11.04 Natty is different from 99% of the tutorials I could find online.

If you use some sort of network authentication for your desktops and want to use a wireless card, you need your wireless to sign in before the user login screen is displayed.

Here's how to do that.

THIS IS NOT FOR LAPTOPS

This method specifically is for desktops, and does not allow a laptop to work when away from the network.

First, remove network-manager

Network-manager will interfere with this, so the safest thing to do is remove it first:

sudo apt-get remove network-manager

Next, find your network card:

lshw -C network

This will spit out something similar to:

# lshw -C network
  *-network               
       description: Wireless interface
       product: AR5413 802.11abg NIC
       vendor: Atheros Communications Inc.
       physical id: 0
       bus info: pci@0000:03:00.0
       logical name: wlan0
       version: 01
       serial: 00:1a:c1:35:c9:d1
       width: 32 bits
       clock: 33MHz
       capabilities: pm bus_master cap_list ethernet physical wireless
  

No doubt by now you know that Sony's Playstation network was hacked. The attackers got away with the user database, and probably with credit card information as well.

I'm going to get a little technical today and talk about passwords.

Most people use the same password for GMail as they do their bank login. This is bad. Let me explain why.

For many years, smart software developers have been "hashing" passwords. What this means is that when a user logs in, their password is run through a special one-way mathematical formula that makes it look like giberish, and that is compared to the previously giberish-ed version that they store. The plain text password is not stored at all, so theoretically nobody can get your actual password if they peek inside the database.

Be Very Afraid