| |
This message details three upcoming LUGNET site changes. Briefly,
these are as follows:
1. Improvements in password security
2. Removal of lugnet.off-topic.pun newsgroup
3. Name change
Please see the following sections below for more details.
-=-=-=-=-=-=-=-
1. Improvements in password security
Over recent months, we've received many kind suggestions on how to improve
LUGNET's membership password system. Some of these suggestions include
anecdotes illustrating various troublesome scenarios, others reflect more
philosophical experiences. We've taken a deep look at the problem scenarios
and have come up with a solution that results in a much safer and more
secure system. Reimplementation details and associated problem scenarios
follow.
The first troublesome scenario was related to the Caps Lock key. Just about
everyone, it seems, at one time or another, has been bitten by the Caps Lock
key when typing in a password. Since password characters do not show on the
screen when they are typed, it isn't always apparent during this time whether
Caps Lock mode is active or inactive. Thus, it is possible to get into a
predicament where your computer received one or more uppercase letters by
mistake when you thought you were typing lowercase letters (or vice-versa).
The way we've chosen to work around this is to require passwords to consist
of lowercase letters and no uppercase letters, then ignore accidental case
conversions.
The second troublesome scenario was also a keyboard issue, and is related to
the Num Lock key. On full-width desktop system keyboards, the Num Lock key
usually controls the 10-key pad on the far right and controls whether the
computer receives numeric digits or directional motivators (up, down, left,
right, Page Up, Page Down, etc.). This rarely poses a problem on older
full-width desktop system keyboards. However, on laptop system keyboards,
which are much smaller and have no dedicated 10-key pad, the Num Lock key
actually still modifies main keyboard behavior. What laptops typically have
is a "virtual 10-key pad" which overlaps right-hand letter keys. For
example, many newer laptop keyboards have a mapping similar to this:
7& 7 8* 8 9( 9 0) /
Uu 4 Ii 5 Oo 6 Pp *
Jj 1 Kk 2 Ll 3 ;: -
Mm 0 ,< .> . /? +
This is a handy way for manufacturers to extend functionality without
providing dedicated numeric keys, but this readily lends itself to
accidental mode switching. For example, someone who thought they were
typing "aluminum" was actually typing "a3405n40", and someone who thought
they were typing "jump" was actually typing "140*".
The way we've chosen to work around this issue is simply to disallow numbers
and special characters in passwords altogether and to handle conversion in
cases of accidental Num Lock settings. Thus, if you type "0532", it will be
as if you typed "milk".
A third troublesome scenario stemmed from minimum-length requirements on
passwords. Any password system that requires combinations letter several
characters long carries with it the risk that its users may forget their
passwords. The old password system here allowed users to choose from more
than 200 different characters at each position and required passwords to be
at several characters in length, yielding 6,712,413,982,338,172,576 unique
possibilities. With that many possibilities, there was really no way that
you could ever "guess" your password if you forgot it.
After much consideration, we've decided to relax the minimum-length
requirement rather significantly and require that passwords (a) be exactly
three letters long and (b) be the names of animals in the English language.
Relaxing the requirements in this manner reduces the total potential for
confusion down to a very short and manageable list of 3-letter permutations.
The following words are now accepted as passwords: ant, ape, asp, ass, auk,
boa, bee, cat, cur, doe, dog, eel, elk, emu, ewe, fox, gnu, hog, jay, kea,
lop, moa, owl, pig, pug, ram, rat, rex, sow, and yak. These may be typed in
any mixture of uppercase of lowercase.
Obviously, this is a big win for those who are chronically forgetful of
passwords, for at most 31 possibilities need be checked to reach a recovery
state. In addition to these 31, there are 2 special animal-related words,
ark and zoo, which will be available as global back-door passwords if all
else fails. These last two, however, should only be used with the utmost
caution and consideration and should never be used to gain unauthorized
access to the accounts of others.
-=-=-=-=-=-=-=-
2. Removal of lugnet.off-topic.pun newsgroup
The next changepoint concerns one of the subgroups of the lugnet.off-topic.*
newsgroup hierarchy. The point has been raised that lugnet.off-topic.pun
group is grossly unfair in that it allows puns, but discriminates against
other perfectly valid forms of humour. Consequently, the .pun newsgroup
will be going away on April 8 (one week from today). Old messages will
remain in the archive, but the server will not accept new messages posted
to this group. We will post a reminder message one day prior.
-=-=-=-=-=-=-=-
3. Domain name change
Finally, some exciting news:
A clone-brand manufacturer who shall remain nameless has contaced us and
has made a very sizable cash gift in exchange for LUGNET changing its name.
(Note that LUGNET was established to honor and serve specifically LEGO
brand toys.)
On July 1, 2001, LUGNET will officially change its name to LEG-GODT.
Subsequently, the domain lugnet.com and it subdomains will be moving to
leg-godt.net. (As you may know, the phrase "leg godt" means "play well"
and is the original phrase upon with the name "Lego" is based.)
A three-month transitional period will occur while links are updated and
numerous other loose ends are tied up. More details will follow in an
upcoming announcement.
-=-=-=-=-=-=-=-
Disclaimer: This message was posted on april fools day and may not be of an
entirely serious nature.
--
Todd S. Lehman | LUGNET Admin <todd@lugnet.com>
|
|
Message has 5 Replies:
 | | Re: Upcoming system changes
|
| (...) Todd, just for clarification, are other 3-letter animals that aren't on the list ok for use? I just changed my password to PIG, but I wanted it to be COW because that's what I use for Paypal. If not then I guess I'll just moove that one to PIG (...) (23 years ago, 1-Apr-01, to lugnet.admin.general)
| | | Re: Upcoming system changes
|
| (...) Hm, that was really scary!!! I'm glad I did read it to the end too. But I hope that Todd may clarify somepoints, now that April Fools Day is over! The disclaimer only says: "...may not be of an entirely..." which still includes the possibility (...) (23 years ago, 2-Apr-01, to lugnet.admin.general)
| | | Re: Upcoming system changes
|
| In lugnet.admin.general, Todd Lehman writes: <snip> (...) I wonder why they want it so much? They must figure everyone knows the name, soe lots of people will come across their site!? (...) You should get a page there for now, so people can bookmark (...) (23 years ago, 2-Apr-01, to lugnet.admin.general)
|
6 Messages in This Thread:
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
