Chovy's Blog

Here is a list of my web host gripes I will update them as we go:

Restrictions so far:
1) only my processes in ‘top’
2) only one dbuser per db
3) only one dbhost per db
4) db does go down occassionally
I’ve noticed because a query locks and doesn’t have a release timeout.
Possible solution: switch to postgres if this is infact a mysql weakness
5) their cronjob times are conflicting with my automated backups (I read when they read/write/lock?). I can fix this I think (by finding out their times and leaving plenty of padding for mine). This error came about with rsnapshot a linux backup utility (err# 23 or 24 in rsync manual).

My apologies for the fear mongering headline….(but I wanted you to think about this).

Ok, so my web host started restricting everybody to 1 database user account per database. Here’s the problem with that:

(in response to another user complaining about having write all the user/pass combos down).

yup. major !@#$ insecure writing this down. Here’s what everybody will do:

list of names:
username1/password1
username2/password2
username3/password3
username4/password4
username1/password5
username100/password100

Ok. I can’t commit a list of 100 username and password combos to memory. so what do I do?

I write them down….wait, nope. I can’t access that unless I’m at home.

So here’s what I do:

I save it in Notepad and ftp it on my web server as plain text, or in My online “notepad” my email service provides, or as an email in my “saves” folder.

Now at least I can get to it, but then again, so can everybody else who reads my email. (if you don’t think this is happening, do it again…wtf do you think a spam filter does? – it reads your email. WHO is filtering my spam?)

I’d be surprised if this post makes it past the 5 minute deletion time :) (referring to hosting provider perceived deletion of posts – may just be the search sucks. I can never find any of my threads).

Once again, the case can be made to ask the question:
“Who do you let filter YOUR spam?”

1) YourISP, Co
2) TheirISP, Co
3) MyISP, Co.

If you answered yes to one of the above, then face it. “THEY” are reading your email.

SO what…It’s a commonly known fact that email isn’t secure. FINE – this is absolutely true. But does everybdoy know that? I do NOT like writing down passwords, however because nobody will come to agreement on an authentication standard in this area, or it’s too difficult or costly to implement in legacy systems, we as the human species will have to continue to jot down these numbers which are overloading our short-term memory.

THIS is waht I REALLY Hate:
Choose password:
(Usually something like “@BUck!off&!”)

Here’s the error message I get:

“Sorry! It’s not valid, we don’t like those “funny characters”. Please use something simple and guessable like “abcdefgh” (but please make it 8 characters so the people trying to crack into your account will know when to break out of the loop…if you think that’s dumb. please include up to TWO digits of your choosing! Yes that’s right (but they can only be between 0-9). Remember, we’ll be crunching these 8 million per second on our hopped up version of Jack the Ripper. So it DOES make a difference, at least to them!”

— your friendly neighborhood Cr4k3rH3ad

ps – we’ll continue to work on your password while you’re asleep, or simply read your list you emailed to yourself (yeah, we saw that too).

I went off on a tangent with the spam filtering conpiracy thing (this just occrured to me while I was thinking about automated filtering). It’s completely possible, however. GMail anyone? – it IS a great service, and out of the spam filtering I tested, got the best rating among the two free email services I tested. But when you find out they were reading your email and buidling a profile on you, don’t come cryin’ to me baby ;-)

You’ve been forewarned, your ignorance is their gain.

It’s difficult to be anonymous online :-)