Wednesday, October 24, 2007
Ok, One More Password Complaint
How is it possible that there are still sites that do not let you use a space, punctuation and/or caps as part of your password? Are you joking? It's almost as if they took extra effort to filter that out and make your passwords weaker. 'Cause let me promise you something... ASCII character 32 (a space) is a perfectly valid character for a computron and is functionally equivalent to char 44 (a quote), 52 (the number 4) or 119 (the letter w). The only reason that wouldn't work as a password is if you're storing the passwords in the database as clear text, and really? Are you that dumb? Really?
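An added illustration of the point above (not code from the original post): with salted, iterated hashing, spaces, punctuation and capitals are just bytes going in, and what lands in the database is always the same fixed-length hex record. The function names, the record layout and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 200_000               # illustrative work factor (assumption)
RECORD_ALPHABET = set("0123456789abcdef$")

def _to_bytes(password):
    # Normalize Unicode so the same typed password always yields the same bytes,
    # then encode; no character is filtered or rejected.
    return unicodedata.normalize("NFKC", password).encode("utf-8")

def hash_password(password, salt=None):
    """Return 'iterations$salt_hex$digest_hex' (hypothetical record layout)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", _to_bytes(password), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", _to_bytes(password), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def record_is_plain_hex(record):
    # What reaches the database: hex digits and '$' only, whatever was typed.
    return set(record) <= RECORD_ALPHABET

# Constructed sample passwords using the characters some sites refuse.
SAMPLES = [
    "correct horse battery staple",   # spaces
    'He said, "w4it!"',               # comma, quotes, caps, punctuation
    "   ",                            # nothing but ASCII 32
]

def demo():
    rows = []
    for pw in SAMPLES:
        record = hash_password(pw)
        rows.append((len(record), record_is_plain_hex(record),
                     verify_password(pw, record),
                     verify_password(pw.strip().lower() + "x", record)))
    return rows

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Every row comes out as the same record length, hex-only storage, a successful match for the original password and a failed match for the altered one.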
Friday, October 19, 2007
While I'm On the Subject of Passwords...
Let me give a thumb up (note, not thumbs) to Roboform. I can't believe I haven't used this before. Actually, I think I have used it before, I think it was just 10 years ago and it was miserable. Well, it's no longer miserable, but it could use a LOT of UI and UX help. It is great for not having to remember which permutation of my username or password I used on which site. Amazing how many differences there are, despite the fact that I try and use the same one everywhere. Yes, I know this is a huge security risk, but here's how I mitigate that (somewhat). Sites I don't care anything about my account being compromised = one user and pass. Sites that are financial related (there are probably a total of 10 of these) = another user and pass. Sites that are site admin related = a third user and pass. It's not perfect, but it works. But now that Roboform can remember all this shit for me, I'll use it, plus the randomly generated password function. The biggest problem is going to any other machine - there should be a way to go to Roboform first, and then browse to another site through them so that Roboform can manage your login ... though this offers up a sweet vector for attack as well.
Let me take a step aside for two seconds and comment on something else. It is RIDICULOUS that there isn't a magic cloud out there (from MS most likely) that stores EVERY bit of custom data that I do to a machine. When I get to a new machine, there should be virtually no time for me to sit down and have everything that was on the old machine now on the new machine. Programs, settings, font color, etc. The transfer cable is a nice idea, but it's one time only, which makes it meaningless. I have a home computer, a laptop and a desktop at work... I HATE the number of times I've had to re-install, re-set the same setting over and over again. For all of you that say, no, this is actually very hard... it's very hard because YOU the application developer, throw your shit all over the OS in shared libraries and what not. The registry is worthless... store your own config in your own directory, your own copies of shared libraries (if they're not installed), your own EVERYTHING and you make everything easier.
Continuing on the subject of website security, I totally agree with this blogger: Captchas are lame. First, whatever site you're working on/with ... you almost definitely do not need a captcha. How about having a problem first with spammers using your site as a throughput and then implementing the solution. When I see it on some no name blog, it just makes me think you're just high on yourself. That's not to say you shouldn't use verification or logins to access your mailing function, just that you shouldn't be so full of yourself. Second, there are probably a bajillion other vectors of attack in your website, how about looking at some of those. I guarantee you have at least 1 SQL injection, weak password/infrastructure, XSS or other much more serious attack to deal with than comment / user account spam. Third, there are a million other tools out there, stop pushing the pain onto me to use your site. You should be making it ridiculously easy for users to comment, not making them question whether or not it's worth it.
There was a creation the other day that almost made me question the above: The ReCaptcha Project. It's beautiful sideways thinking! In essence, they take printed text which machines can't read, scan it in and present it to users for translation. This translation goes back into the original project and helps to digitize the book. Like Mechanical Turk (one of the best names for a website ever, based on the ), except all three parties (the site looking to avoid spam, the digitizer looking for the translation and the user who wants both a spam free site and (theoretically) wants a world full of more knowledge) benefit.
PayPal Key?
Caught this little tool on The Consumerist --
Let me summarize with a big meh. Most business computers come with a fingerprint reader and, let's be honest, anything that requires you to remember to carry it around is worthless... unless your password is in you (your brain) or permanently attached (your finger) it's pretty much worthless. We just need a simple tool in all the default browsers to plug-in to the fingerprint reader. Of course, most of the time, it's not the password that's the problem... it's the person. Phishing and/or forgotten password is far more likely to be a cause of a compromised account than anything else.
Thursday, October 11, 2007
More About Headphones (and Purchasing)
I know, I know, you're thinking, this guy never shuts up about headphones. Well if one post every 3 years is too much for you, you better find yourself another blog.
Here's what I'm in the market for:
1) Pair of headphones that I can wear on the bus. Noise canceling would be great, but not critical. Bluetooth/wireless, also great, but not necessary. Current leader of the pack?
Normally I hate inner ear things, they always seem to hurt after wearing them for too long. But these are very cheap and seem to fit the bill (wearable on the bus, wrap up nicely)
2) Pair of headphones for listening at work all day. Yes, I'll be creating a bionic office eventually, but for now the new company I'm working on is cubes only. This means in order to get any work done, I need to strap them on. Requirements: Comfortable to wear for 8 straight hours, noise canceling. Nice to have: Bluetooth/wireless + recharging cradle. Current leader of the pack?
Audio-Technica ATH-ANC7 QuietPoint Active Noise-Cancelling Headphones
Basically, these are the highest rated according to the various online mags I read, but they seem pretty good.
As another aside, why is it that there isn't a great review site for stuff like this with UGC. Am I just missing it? I mean AVSForums is great, but there's no place to vote stuff up to the top. What am I missing?
Tuesday, October 09, 2007
Update on Dave's Listening Styles
Yahoo Music.... you're fired. You're so fired, it isn't even funny. Why? Quality of service? Nope that was great. Selection? Great as well. It was the player. THE DAMN PLAYER. Come on.
So I've switched over to Rhapsody, which is a bit better. But I wanted to catch some Kanye West, v. 50 Cent goodness so I could decide for myself which is better. Only when I come upon the Kanye West album to discover two tracks are missing because they haven't been given permission to be streamed. ARE YOU KIDDING ME? Fuck you. FUCK YOU. F-U-C-K Y-O-U. I'm thinking it's not even Kanye West's fault... it's some label lackey who has decided this is the best way to upsell albums. FUCK YOU LACKEY.
Oh, and before you jump off and say DRM is wrong and Steve Jobs is right, I'm a huge fan of the subscription. HUGE. And, by and large, I'm willing to pay the DRM cost in order to keep the price down. The fact is, I can count on my dick the number of CDs I've needed to take to a place where I didn't have wifi/ethernet access and/or a connection back to the Interweb at least once a month (Yahoo's method of working on this kind of stuff was you would download it to your portable player and it would need to call home once a month to make sure you're still subscribed... I'm not sure, as I haven't checked, but I think Rhapsody works the same way). And, the fact of the matter is, that except for the VERY rare release (Chutes Too Narrow, Give Up, Anything by the Strokes, maybe (and that's a big maybe) 200 full albums total since I started listening to music, etc), I don't even listen to releases more than a year after I have them. What difference is it to me whether or not I have a piece of dinosaur carcass and metal that provides me with some token of meaningless ownership.
Assume the two following scenarios:
1 CD per month = $15 x 12 = $180 plus ~200 tracks I can enjoy forever
1 subscription per month = $13 x 12 = $156 plus A BILLION TRACKS
At the end of one year, who is ahead? At the end of a thousand years, who is ahead?
And for those who care about switching services... yeah, I've got a hint for you too. Let me promise you that the search providers through all of these things are a million times better than your organization/search system. So here's a hint... delete all previous music you downloaded and just search based on what you want to listen to now. It's virtually instantaneous, and you'll never remember what you didn't want to listen to in the first place.
Before I finish up, let me reiterate my thoughts:
#1) Subscription = good
#2) Yahoo player = ass
#3) Rhapsody = meh, but better than Yahoo
#4) Senior douche working for Roc-a-Fella Records who is responsible for making me have a less than ideal experience simply because you think you're going to upsell me and claim some portion of Kanye West's quarterly album sales as "your doing".... YOU FUCKING SUCK. You make the world ever more miserable for the rest of us to live in. I hate you.
Monday, October 08, 2007
The Value of a College Education
Last night I got in a fairly heated discussion about the value of a college education, and today I check out a magazine (a 6 month old magazine, but a magazine nonetheless), with a great study in there about the actual value. I love it when that happens. Anyhow, they say the value of the education, monetarily anyway, is basically 50% at 30 years old. So $50,000 becomes $75,000 a year. That's pretty good! (this is up from a 17% gap in 1979 btw).
However, I really have to play up the networking aspect as well. Since I've started 3 companies with a buddy of mine from college (the first one was with another buddy as well) seems pretty valuable to me. I guess the question is whether or not that's worth the cost of $180k (current cost!!). I'd say it is, if for no other reason than you get to figure out how many beers you can really drink in a finite period of time.
But the best part of the article was learning yet another economics term which fits perfectly to a term I was looking for (again):
"Signaling" device - basically it means that the person (or object) you're looking at has done something in the past that requires some quality - hard work, creativity, connections, etc
Mr. Spolsky talks about this when he mentions hiring software developers. And it does make some sense. The biggest problem is that it also leads to me-too situations. Like how VCs chase after a company only after it has a term sheet, or invest in businesses where there has already been a successful (and often exactly the same) business in the marketplace. Or movie studios all pursue (and release) similar movies at the same time (see Mission to Mars v. Red Planet; Deep Impact v. Armageddon; etc etc). It's got to be one of the criteria that other people have looked at it and viewed your object/etc as valuable, but it seems like far too much weight is being placed on the fact that someone else has given the ok on something.