• (cs) in reply to snoofle
    snoofle:
    Having thought about it for a few minutes, I wonder if they also require byzantine password change rules (you know, 8+ characters, mixed case, at least one digit and at least one non-alphanumeric symbol, changed every month with no repetitions for at least 13 months)? Should make getting this guy up and running more interesting...

    You mean

    Password-1 Password-2 Password-3 ...

    These rules practically guarantee that people will start to use patterns (and yet are very common). Maybe we should have "no common sub-strings of more than 2 characters", instead of "no repeats"
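The rule proposed in the comment above, sketched next to the usual "no repeats" check; this is an added example, not part of the original thread. The function names, the case-insensitive comparison and the sample passwords are assumptions made for illustration.

```python
import hashlib, hmac, os

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: what a password-history table should hold.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_history(old_passwords):
    """Build a constructed history of (salt, hash) pairs; no plaintext is kept."""
    history = []
    for pw in old_passwords:
        salt = os.urandom(16)
        history.append((salt, _kdf(pw, salt)))
    return history

def is_repeat(candidate: str, history) -> bool:
    """The classic "no repeats" rule: exact match against stored hashes."""
    return any(hmac.compare_digest(_kdf(candidate, s), h) for s, h in history)

def longest_common_substring(a: str, b: str) -> int:
    """Length of the longest run of characters found in both strings.
    Case is ignored (an assumption; the comment does not say)."""
    a, b = a.lower(), b.lower()
    best, prev = 0, [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, start=1):
            if ch == other:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def check_change(current: str, candidate: str, history, max_shared: int = 2):
    """Return the rules a password change violates (empty list = accepted).
    The substring rule can only use `current`, which the user types into the
    change form; hashed history entries cannot be compared piecewise."""
    violations = []
    if is_repeat(candidate, history):
        violations.append("repeat")
    if longest_common_substring(current, candidate) > max_shared:
        violations.append("shared-substring")
    return violations

if __name__ == "__main__":
    history = make_history(["Password-1"])  # constructed sample data
    print(check_change("Password-1", "Password-2", history))
    print(check_change("Password-1", "blue#Kettle47", history))
```

Password-2 passes the repeat check but fails the substring rule, while an unrelated password passes both.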

  • Tom (unregistered)

    The best laid schemes o' mice an' men...

  • PC Paul (unregistered) in reply to brandon
    brandon:
    You cannot never plan for abject stupidity.

    Really?

    I find quite the opposite.. you can depend on it.

  • Worf (unregistered) in reply to Alchymist
    Alchymist:
    snoofle:
    Having thought about it for a few minutes, I wonder if they also require byzantine password change rules (you know, 8+ characters, mixed case, at least one digit and at least one non-alphanumeric symbol, changed every month with no repetitions for at least 13 months)? Should make getting this guy up and running more interesting...

    You mean

    Password-1 Password-2 Password-3 ...

    These rules practically guarantee that people will start to use patterns (and yet are very common). Maybe we should have "no common sub-strings of more than 2 characters", instead of "no repeats"

    Or how about something like making a very secure password in the first place, and not making users change it every N days? I'm sure if you give even a new person a password of Iwkrds*(4kSY73o)(383, they'll remember it eventually (give them a month or two).

    Forcing users to change secure passwords and make new secure passwords just encourages them to choose weaker, easier to remember passwords, follow a pattern, or write the damn thing down. Let them make a really secure password and have them change it really infrequently, and you'll find those passwords are more secure, longer, and won't be easily guessed (bonus points for trying to crack them and making those whose are too easily guessed change them to something more secure).

    Sometimes IT policy ought to step back and examine the intentions. Changing passwords every X months ends up leading to insecure passwords as users have to write them down (the instant they get comfortable with them, they have to change 'em), choose insecure pattern ones, or other stuff. But give them a really complex one that they can't change, and they'll find muscle memory and such means they don't forget it/write it down/etc. Is one secure password string that doesn't change over 5 or 10 years better than a changed password every month? After about 6 months, it probably will be.

    CAPTCHA: gygax. Cool!

  • bramster (unregistered) in reply to Bitter Like Quinine
    Bitter Like Quinine:
    8" Floppies? You were lucky!

    One production machine I worked on a few years ago still had core memory and a paper-tape punch. After a severe crash, you might have to 'toggle-in' the boot program using the switches on the front of the machine, joy! Mind you, that was a rarity, the computer ran for 25 years with a 99.7% uptime.

    When the laboratory held an open day, the mollycoddled cray-botherers in the computing department decided to make a history of computing display (how original), so the call went out, did anyone have any old punched tape? A souvenir perhaps?

    No, we replied, but if you want we can punch a fresh roll for you?

    At first they didn't believe us, and in the end they sent two people over to witness the tape being cut (presumably just one person wouldn't have been believed).

    Ah, yes. Core Memory. Turn the machine off, ship it across the country, and turn it on. The hardware cycles through and you start setting type. -- 1976, a Mergenthaler VIP typesetting machine -- long before Adobe and TrueType.

    Xenon strobes and photographic paper, darkrooms and the such, and "programming" a 16K memory minicomputer. Those were the days.

    My introduction to all this was learning how to visually read the TTS paper tape.

  • bramster (unregistered) in reply to Worf
    Worf:
    Alchymist:
    snoofle:
    Having thought about it for a few minutes, I wonder if they also require byzantine password change rules (you know, 8+ characters, mixed case, at least one digit and at least one non-alphanumeric symbol, changed every month with no repetitions for at least 13 months)? Should make getting this guy up and running more interesting...

    You mean

    Password-1 Password-2 Password-3 ...

    These rules practically guarantee that people will start to use patterns (and yet are very common). Maybe we should have "no common sub-strings of more than 2 characters", instead of "no repeats"

    Or how about something like making a very secure password in the first place, and not making users change it every N days? I'm sure if you give even a new person a password of Iwkrds*(4kSY73o)(383, they'll remember it eventually (give them a month or two).

    Forcing users to change secure passwords and make new secure passwords just encourages them to choose weaker, easier to remember passwords, follow a pattern, or write the damn thing down. Let them make a really secure password and have them change it really infrequently, and you'll find those passwords are more secure, longer, and won't be easily guessed (bonus points for trying to crack them and making those whose are too easily guessed change them to something more secure).

    Sometimes IT policy ought to step back and examine the intentions. Changing passwords every X months ends up leading to insecure passwords as users have to write them down (the instant they get comfortable with them, they have to change 'em), choose insecure pattern ones, or other stuff. But give them a really complex one that they can't change, and they'll find muscle memory and such means they don't forget it/write it down/etc. Is one secure password string that doesn't change over 5 or 10 years better than a changed password every month? After about 6 months, it probably will be.

    CAPTCHA: gygax. Cool!

    One of the reasons for following this blog, is that every once in a while, someone comes out with something that just makes incredible sense. Being asked to change a password to "something completely different" every 40 days is completely retarded.

  • Jay Maynard (unregistered)

    I find myself wondering, as the project manager for an open-source IBM mainframe emulator, just what emulation environment they set up.

    It is possible to bypass security on IBM's mainframe OS from the 1990-2001 era, but it's a royal pain in the butt.

  • Winter (unregistered) in reply to bramster

    bramster:
    Worf:
    Alchymist:
    snoofle:
    Having thought about it for a few minutes, I wonder if they also require byzantine password change rules (you know, 8+ characters, mixed case, at least one digit and at least one non-alphanumeric symbol, changed every month with no repetitions for at least 13 months)? Should make getting this guy up and running more interesting...

    You mean

    Password-1 Password-2 Password-3 ...

    These rules practically guarantee that people will start to use patterns (and yet are very common). Maybe we should have "no common sub-strings of more than 2 characters", instead of "no repeats"

    Or how about something like making a very secure password in the first place, and not making users change it every N days? I'm sure if you give even a new person a password of Iwkrds*(4kSY73o)(383, they'll remember it eventually (give them a month or two).

    Forcing users to change secure passwords and make new secure passwords just encourages them to choose weaker, easier to remember passwords, follow a pattern, or write the damn thing down. Let them make a really secure password and have them change it really infrequently, and you'll find those passwords are more secure, longer, and won't be easily guessed (bonus points for trying to crack them and making those whose are too easily guessed change them to something more secure).

    Sometimes IT policy ought to step back and examine the intentions. Changing passwords every X months ends up leading to insecure passwords as users have to write them down (the instant they get comfortable with them, they have to change 'em), choose insecure pattern ones, or other stuff. But give them a really complex one that they can't change, and they'll find muscle memory and such means they don't forget it/write it down/etc. Is one secure password string that doesn't change over 5 or 10 years better than a changed password every month? After about 6 months, it probably will be.

    CAPTCHA: gygax. Cool!

    This is silly. Writing your passwords down is not a bad thing! Unless you have building security that just allows the public to walk in and out as they please at any time of the day. And if someone can get in and steal or read a bit of paper with the password on it, then they can get in and do more damage than that, or even just steal the whole machine and break the password slowly in their own time.

    That said, where I work, they keep all of the backup tapes in a heap next to the file server, which is in the corner of the office. If I wanted to "defect" to another company I could pinch a tape and just hand it over. Not to mention what might happen in a fire, for instance.

  • (cs) in reply to Bitter Like Quinine
    Bitter Like Quinine:
    8" Floppies? You were lucky!

    One production machine I worked on a few years ago still had core memory and a paper-tape punch. After a severe crash, you might have to 'toggle-in' the boot program using the switches on the front of the machine, joy! Mind you, that was a rarity, the computer ran for 25 years with a 99.7% uptime.

    When the laboratory held an open day, the mollycoddled cray-botherers in the computing department decided to make a history of computing display (how original), so the call went out, did anyone have any old punched tape? A souvenir perhaps?

    No, we replied, but if you want we can punch a fresh roll for you?

    At first they didn't believe us, and in the end they sent two people over to witness the tape being cut (presumably just one person wouldn't have been believed).

    Any chance it was a DEC PDP-8?? Any chance it still exists? If so, I am interested in making sure it gets preserved. It is easy to find my real identity by a Google on my handle....
