Passwords Suck

25. January, 2013

On Wednesday, GitHub improved its code search. A few hours later, a couple of people had tried searching for “begin rsa private key” (the header line of a PEM-encoded private key) and got more results than any sane person would anticipate. To be clear, this isn’t a problem specific to GitHub: the same search turns up private keys on Pastebin and via Google.

There are several reasons for people to publish sensitive data:

  • They don’t know what they’re doing (ignorance)
  • They are sure “no one will ever find out” (security by obscurity)
  • Distributing sensitive data anonymously (crackers)
  • It’s easier that way (laziness)

It’s not a corner case, either. Oracle’s SQL*Plus tool has no easy way to supply the password from a script other than passing it on the command line, which effectively publishes the password to every user on the same computer (the argument list of a running process is visible to other local users, e.g. via ps). You can install a client-side Oracle Wallet to fix this.
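Both failure modes above, a private key committed to a public repository and a password handed to SQL*Plus on the command line, are things you can grep for before they leave the machine. The following is an added example, not code from the original post: a small Python scanner that flags PEM private-key headers, SQL*Plus-style user/password arguments and key=value secret assignments in a constructed sample of shell-history and config lines. The regular expressions and the sample text are my own assumptions about what such leaks look like; the values in the sample are not real credentials.

```python
"""Added example: a minimal secret scanner for the leaks described above.

It flags three patterns in text (a diff, a shell history, a config file):
  1. PEM private-key headers, the string people searched GitHub for;
  2. SQL*Plus style user/password command-line arguments, which end up in
     the argv of the running process and are visible to other local users;
  3. key=value style assignments of passwords and API keys.
The patterns and the sample input are assumptions made for this example.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    kind: str
    excerpt: str  # the offending line with the secret masked


# PEM armour for the private-key types most commonly committed by accident.
PEM_PRIVATE_KEY = re.compile(
    r"-----BEGIN (?:RSA |DSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
)
# sqlplus [options] user/password[@service] ...
SQLPLUS_ARGV = re.compile(
    r"\bsqlplus\s+(?:-\S+\s+)*([A-Za-z0-9_]+)/(\S+?)(?:@\S+)?(?:\s|$)"
)
# password=..., DB_PASSWORD: "...", api_key=... in config or shell lines
ASSIGNED_SECRET = re.compile(
    r"(password|passwd|pwd|secret|api[_-]?key)\s*[=:]\s*['\"]?([^'\"\s]+)",
    re.IGNORECASE,
)


def mask(line: str, secret: str) -> str:
    """Return the stripped line with the secret replaced by asterisks."""
    return line.strip().replace(secret, "*" * len(secret))


def scan(text: str) -> List[Finding]:
    """Scan text line by line and return one Finding per suspicious line."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if PEM_PRIVATE_KEY.search(line):
            findings.append(Finding(line_no, "pem_private_key", line.strip()))
            continue
        m = SQLPLUS_ARGV.search(line)
        if m:
            findings.append(Finding(line_no, "argv_password", mask(line, m.group(2))))
            continue
        m = ASSIGNED_SECRET.search(line)
        if m:
            findings.append(Finding(line_no, "assigned_secret", mask(line, m.group(2))))
    return findings


# Constructed sample input; none of these values are real credentials.
SAMPLE = """\
# nightly job, pasted into a public gist by mistake
sqlplus scott/tiger@orcl @nightly_report.sql
export DB_PASSWORD=hunter2
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAexampleexampleexample
-----END RSA PRIVATE KEY-----
sqlplus /nolog
echo "nothing to see here"
"""


def main() -> None:
    for f in scan(SAMPLE):
        print(f"line {f.line_no}: {f.kind}: {f.excerpt}")


if __name__ == "__main__":
    main()
```

Note that `sqlplus /nolog` and `sqlplus / as sysdba` are deliberately not flagged: they are the forms that keep the password out of the argument list (the connect happens afterwards, or via OS authentication), which is exactly what a scanner like this should encourage. A real pre-commit hook would add entropy checks and a much larger pattern set, but the shape is the same.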

But the common issue behind all that is that it’s either too easy to do it wrong or too hard to do it right. Just to see how bad the situation is, I asked for a secure web login/example on The answer was basically “it’s too complex to do.”

This sucks.

xkcd Money Chart

23. January, 2013

xkcd has posted a chart that puts amounts of money in relation to each other. It shows how much tax the US raises, how much money households make and how it all gets split up.

Click on the image to get a zoomable map like Google Maps.

10 Tips for Using the Eclipse Memory Analyzer

22. January, 2013

“Analyzing and understanding the memory use of an application is challenging,” says Ian Bull in his blog post “10 Tips for using the Eclipse Memory Analyzer”, and he gives useful guidelines on how to wade through the data that the Eclipse Memory Analyzer (MAT) collects for you.

There is no Spoon: Changing Final Fields in Java

21. January, 2013

If you’re the guy in the team who solves the impossible problems, you will eventually run into the worst of all design patterns: singletons, which in Java are implemented using (static) final fields.

Sebastian Zarnekow came up with a way to change that. Following the timeless advice from The Matrix (“there is no spoon”), he found a way to modify (some) final fields.

As I said before, this is a desperate measure, so use it wisely. But remember this tool the next time you need to mock a singleton in a test case.

Semantic Versioning And Why You Should Care

18. January, 2013

If you create software that is consumed by other projects (i.e. when your output is a dependency for someone else), then “Semantic Versioning” is important for you.

In a nutshell, it’s a set of rules you should follow to make life easier for everyone.

You can find them here:
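The post points at the rules rather than restating them. As an added example (my own code, not the author’s and not from semver.org), here is a Python implementation of the precedence rules from the SemVer 2.0.0 specification, plus a caret-style compatibility check of the kind a dependency resolver performs when deciding whether an upgrade is safe to pull in. The compatibility policy (same major version, or same minor version while the major is 0, and never a pre-release) is an assumption that mirrors common package managers; it is not part of the specification itself.

```python
"""Added example: SemVer 2.0.0 precedence and a caret-style compatibility check."""
import re
from functools import total_ordering
from typing import List, Optional, Tuple

# MAJOR.MINOR.PATCH[-prerelease][+build]; numeric parts must not have leading zeros.
SEMVER_RE = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?"
    r"(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?$"
)


@total_ordering
class Version:
    def __init__(self, text: str) -> None:
        m = SEMVER_RE.match(text)
        if not m:
            raise ValueError(f"not a semantic version: {text!r}")
        self.major, self.minor, self.patch = (int(m.group(i)) for i in (1, 2, 3))
        self.prerelease: Tuple[str, ...] = tuple(m.group(4).split(".")) if m.group(4) else ()
        self.build: Optional[str] = m.group(5)  # build metadata never affects precedence

    def _key(self):
        # Pre-release identifiers: all-digit ones compare numerically and sort
        # before alphanumeric ones, which compare in ASCII order.
        pre = tuple((0, int(p), "") if p.isdigit() else (1, 0, p) for p in self.prerelease)
        # A tagged version precedes the untagged release of the same number, so
        # "no tag" sorts after "any tag"; otherwise a longer identifier list wins.
        return (self.major, self.minor, self.patch, not self.prerelease, pre)

    def __eq__(self, other: object) -> bool:
        return isinstance(other, Version) and self._key() == other._key()

    def __lt__(self, other: "Version") -> bool:
        return self._key() < other._key()

    def __str__(self) -> str:
        s = f"{self.major}.{self.minor}.{self.patch}"
        if self.prerelease:
            s += "-" + ".".join(self.prerelease)
        if self.build:
            s += "+" + self.build
        return s


def sort_versions(texts: List[str]) -> List[str]:
    """Return the versions ordered by SemVer precedence, lowest first."""
    return [str(v) for v in sorted(Version(t) for t in texts)]


def compatible_with(required: str, candidate: str) -> bool:
    """Caret-style check (an assumption mirroring common package managers):
    candidate must not be older than required, must share its major version
    (or its minor version while major is 0), and must not be a pre-release."""
    r, c = Version(required), Version(candidate)
    if c < r or c.prerelease:
        return False
    if r.major == 0:
        return c.major == 0 and c.minor == r.minor
    return c.major == r.major


if __name__ == "__main__":
    print(sort_versions(["1.0.0", "1.0.0-rc.1", "1.0.0-alpha", "1.0.0-beta.11", "1.0.0-beta.2"]))
    print(compatible_with("1.2.3", "1.9.0"), compatible_with("1.2.3", "2.0.0"))
```

The point of encoding the rules rather than comparing version strings lexically is visible in the pre-release ordering: `1.0.0-beta.2` must sort before `1.0.0-beta.11`, and every tagged `1.0.0-…` must sort before the plain `1.0.0`, neither of which a string comparison gets right. From a supply-chain point of view the compatibility check is the part that matters: it is what decides whether an automatic upgrade pulls in a version whose author has promised (by bumping only MINOR or PATCH) not to break you.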

Selling Used Games? No Way!

4. January, 2013

Sony has found a new way to harass customers: they filed a patent for a technology that prevents playing second-hand games.

In a nutshell, the “game playing system” checks whether someone else has already played the game on a different system and, if so, refuses to start it.

Great, isn’t it?

With ideas like that, Sony will surely overcome its financial issues soon: by going bankrupt even faster.

Need more reasons not to buy Sony?

How Incentives (Don’t) Work

2. January, 2013

Ever wondered why companies do better when they don’t pay bonuses to managers?

In a nutshell, incentives occupy your brain. If your brain has to make complex decisions, then incentives reduce the amount of free brainpower available to solve problems. The result is poorer performance, not despite the bonus but because of it.

For details, see my old (updated) blog post: Bonus is Bad For Motivation