I finally decided to dump my old Toyota Corolla POS. It was a bit of a money pit, and the straw that broke the camel’s back was the check engine light coming on as I was driving to work. I had it checked out (for $85!), and was told I needed new spark plugs. That’s not a really big deal on it’s own, but I’ve put $600 into that car in the past 3 months.

So, I decided to look for a new car. That car is a Volkswagen City Jetta (sorry, only available in Canada). I just have to haggle with the dealer for a better price. I hate haggling. It’s an awkward experience, though less awkward than driving my ‘98 Corolla.

Just a quick note. I just discovered that OS X Leopard comes with Subversion already installed. Great news. The sooner Subversion replaces CVS, the better.

Also, check out ZigVersion if you’re looking for a SVN client. It’s free for non-commercial use, and it’s leaps and bounds better than SVNx.

I don’t know why, but I’ve been thinking a lot lately about how I manage my online passwords. I did a quick survey at work and found that most people (myself included) use the same password for many websites. This might not seem like a big deal, but what would happen if somebody got hold of your password? They’d have access to every site you use that password on.

To solve this problem, I came up with a list of criteria for the best password policy

1. I need a different password for each site I use.
2. The passwords need to be strong (not dictionary words, have upper case, lower case, numbers, punctuation, etc).
3. The solution needs to be portable (I’m not always at my own computer).
4. The solution needs to be difficult to compromise.

The first thing I thought about was a password manager like KeePass, but this violated criteria number 4. The way KeePass and many other password managers work is by using the idea of a “Master Password”. You enter the master password into KeePass, and you have access to all your other passwords. KeePass is designed to be portable by allowing you to install it on a USB stick. The problem with this is the potential that somebody could discover my master password, and have access to all my passwords if they stole my USB stick. Also, I could easily lose (or forget to carry) my USB stick, in which case I’d be out of luck.

I also thought of installing a web-based password manager script on my server, but that has the same inherent problems that a disk-based password manager has, except instead of losing the device, the server could go down at an inconvenient time leaving me without my login information.

I read about a plugin for Firefox that also used a master password function, but it would create website passwords by using the domain name of the site as a seed for creating unique random passwords. While the plugin still violates criteria number 4, it got me thinking about using the domain name to create passwords.

What I decided to do is to come up with an easy-to-remember algorithm that I could apply to a website’s URL to give me a really strong, unique password. For example, your algorithm could be this:

• Convert every other letter in the URL to upper-case.
• Interpose the letters of your favourite pet’s name into the domain name.
• Add a predefined string (maybe the month of your birth ex:March) to the end.

If your favourite pet’s name was Fluffy, and your birth month was March, and you applied this to hotmail.com, you would get HfolTfmfAfiyL.CoMmarch. For gmail.com, you’d have GfmlAuifLf.yCoMmarch.

These passwords look too hard to remember, especially if you had to remember a different one for each site you were registered at, but the beauty of this policy is that you only need to remember the algorithm you used to create the password.

This is the best personal password policy I could come up with. If you have any other good solutions, please let me know.

This is why I love The Office so much.

The ExtraLife web comic has been added to the feeds section. The comic strip is now inside the feed itself.