Wandering Thoughts archives

2009-02-20

An attraction of planet-style blog aggregators as your feed reader

I've recently realized an attraction of planet-style blog aggregations: by design, they have no way to go back in the feed history. You get one page of entries (however large that is configured to be), and that's it.

This sounds like a peculiar thing to be an attraction, but it means that compulsive information junkies with not enough spare time have no choice but to let things go. We cannot wind up sitting on several thousand unread feed entries that we are theoretically going to read sometime; there is not even a temptation to not move on. The software just does it for you.

(The one danger to this approach is that planets themselves have syndication feeds, which do capture all that history, assuming that your feed reader updates frequently enough. Avoid that temptation. Really. Read them through the website.)

For a certain sort of compulsive reader this letting go is very hard, so if we are left to our own power we won't. Reading feeds through a planet, with no choice about it, winds up being peculiarly liberating.

(I was sort of trying to do this with reading backwards, but in practice it didn't work out that way.)

I don't think that I'm hardcore enough to rebuild my feed reading as a private planet instance, but having come to this realization, maybe I should remove a number of planet feeds from my feed reader in favour of just looking at their web versions every so often when (or if) I have the spare time. If nothing else, it would remove a little mental burden and nag that's in the back of my mind when I open up my feed reader.

PlanetAttraction written at 00:06:13

2009-02-16

My approach to website passwords (and why it is the right one)

Recently, I read yet another article that asked people how many of their accounts would be compromised if someone got their password on a non-critical website. My answer is simple: none. And I think that this should be the answer for most everyone, to the point where it irritates me that it isn't.

I always use unique passwords for each website, generally a strong random one. For non-critical websites, I have my browser memorize them for me (and I get irate when this is not possible for stupid reasons). For critical websites, I write down the password on a physical piece of paper and then keep careful track of where it is; this is no particular burden, because there are very few critical websites.

In theory, this is hideously insecure; a single system weakness on my workstation could give an attacker access to many of my accounts. In practice, there are two things wrong with the theory. First, I have already decided that those are non-critical accounts that I don't care too much about the security for, and second, in practice it is far more likely that one of the websites I use will have its account database or login system compromised; in fact, such compromises are routine.

The clear conclusion is that using different passwords and allowing my computer to memorize them is in practice the more secure approach. Of course, this is not the approach most people are taught, which irritates me a great deal; it is a perfect example of mathematically correct security.

The website security fantasy, pushed by at least some security practitioners, is that people will use separate passwords on all websites and memorize them. This is not happening, because it is a pain and people don't do painful things. So we have two real choices; either people memorize one password and use it everywhere, or people use different passwords everywhere and have their computer memorize them. Sadly, teaching people the fantasy generally winds up with the reality being the first option.

WebPasswordApproach written at 00:49:01

