2013.11.30

Vacation is More Work

It is another vacation! Hey!!!!!

After Argentina and Chile last year and Cuba and Mexico in May, this time I will visit… nowhere!

The old plan

That’s it. I was planning to go to Disney World, USA. The idea was to go in a big group and have fun. I went to Disney when I was in college (I lived in the USA for 6 months in an exchange program) and I loved it! Loved it! Disney creates a magic atmosphere that one cannot ignore. They mastered the idea of the theme park.


Well, my original plan started to go wrong when I foresaw a complicated end of the year at my job, due to a project in which I was involved. Things got worse with time. My boss said once or twice that we would work extra hours if needed.

Then I reached the moment of choice. With a lot of uncertainty, the dollar-real ratio in bad shape, and missed momentum, I finally decided to abort my trip and stay home.

The new plan

Cry no more! I have a new plan!

Besides my formal job, I invest a great deal of time in my lovely hobby: designing video games. I do the whole process: programming, drawing, writing, painting, and whatever else is needed.

I have about 8 prototypes that I believe can reach the market someday. One of them is a puzzle game called Picubic. It is charming, it is challenging and it is fun. But most of all, it is the one closest, at this moment, to having a shot in the wild market. I named the gaming division of Bruno Massa Corporation Gamenific, a mix of Magnific (magnificent) and Game!


For this reason, since I decided to abort my trip, I also decided to invest all my time in launching it. Finish it once and for all and sell it. The plan is to launch its beta THIS WEDNESDAY! Kind of… The plan is, in fact, to launch a funding campaign on Indiegogo (the poorer cousin of Kickstarter) to help leverage some money and close it. But most of all, to attract people. The company will only gain traction if there is a big enough audience. Let’s create a brand!


I can now only hope that this plan works. Otherwise, it will be a waste of a good Disney moment.

2013.10.20

Scrambled (digital) life

For those who know me, it’s not a surprise that I’m a bit paranoid about digital security. But in a good sense, I believe, because I do not suffer from this condition. It is an active and rational decision to be constantly aware of digital dangers. I am also very tolerant towards including extra security steps in my daily habits.

Inspired by two Brazilian stories involving cryptography, I decided to take a closer look into personal encryption. One was about the fraudulent banker who could never be convicted because all the evidence was on his encrypted desktop computer. The federal police were never able to crack it. The other one was a forgotten laptop with major corporate secrets. The company? Petrobras, the Brazilian oil company and one of the top oil companies on the planet. Petrobras said that the secrets were safe: the strong encryption would keep any eyes from looking inside.

Imagine if suddenly someone steals your computer. Wouldn’t you go crazy?! Your personal photos, family stuff, work notes and free access to email and banking from the machine.

Note: I am talking about only encrypting the hard drive, so it is only useful for avoiding losing data in case of someone stealing your computer. Nothing else. Simple but efficient.

About 2 years ago, I discovered an open source product that I loved: TrueCrypt/VeraCrypt. It promised total protection for people like you and me. Being open source also adds much trust: not only will I not be locked in to a single provider, but the method can be tested and commented on by hundreds of eyes.

My desktop has been unbreakable ever since. With the powerful processors we have today, it is easy to encrypt all disks. Even the main Windows and Linux hard drives are protected. So if a thief steals my PC, I will lose the hardware but not the software. The information inside is unreachable. Even for the USA government 😉 Ever. Hear that, Obama? Ever! And the performance drop is unnoticeable. Amazing. I’m a happy customer.

One hole in the wall that always worried me but that I had never dealt with until now: my smartphone. No need to say that it is probably the most vulnerable hardware that we own (we carry it everywhere) and it is full of important information. It is easy to lose it somewhere or to be robbed. The information can be shared throughout the world. Finally I tried it on my beloved Galaxy S3. One thing I knew I would have to give up is the convenience of easy and fast access to my phone; I would be entering a strong password all the time, because the whole point of the encryption is to lock other people out! For some, it is just too heavy a burden. For me it was not. A small price to pay.

While the encryption of the memory card was excellent, using it on the phone’s main memory compromised performance too much. Odd. From boot to app switching, the lagging response was irritating. After two weeks, I had to revert it. Immediately it started to respond. I’m now gathering some strength to try this again. I’m going to read more to see what I did wrong. I know it is worth it.

Do you scramble your digital life or can it be read in plain view?

2012.01.13

One Password to Rule Them All

Passwords are the new era plague. They are everywhere. Every system relies on passwords. People, unfortunately, are not designed to memorize all of them. The most common solution? Use one password for everything. If you ask one to create a password, one will use the very same password.

Passwords have some intrinsic problems:

  • difficult to create
  • difficult to remember
  • spread across several systems

Jeff Atwood wrote about the advantages of passphrases over passwords, but I’m still not convinced that it correctly addresses the problem. Using more robust brute force techniques, it will be, in fact, easier to break it, even if it has several digits.

But when the person uses the same password over and over, there are some extra problems:

  • cross site vulnerability when one is hacked

Some use password wallets: programs that store all your passwords in one place. However, you are putting all the eggs in a single basket. If this program gets hacked, all your passwords are exposed. Also, you have to keep a record of all the sites you use, which makes the job of a malicious hacker even easier.

PasswordMaker

Suddenly I found out about PasswordMaker on FLOSS Weekly 84 on TWiT, which opened my mind to a nice solution. The idea is to create a password generator using a central password combined with a unique id for each site, which can be its actual address! So, your job relies only on remembering one single password, and it will recalculate the actual password each time. One password to rule them all.

It solves some problems.

complex password generation

It can automatically generate very, very, very strong passwords using many possible characters. The default of 8 digits and 99 possible characters generates 1 password in 9 227 446 944 279 201, much better than the 110 075 314 176 passwords possible using simple lowercase letters only. I personally use very long passwords. Configured to create a 20-digit password, it will be one in 8 179 069 375 972 310 000 000 000 000 000 000 000 000! Much safer!

cross site safety

If Facebook is hacked, your Gmail account won’t be compromised. If Flickr is invaded, your bank account will still be intact. Because each site uses a different password, you will be protected on all the others. And believe me, site invasion and password leakage are very common.

multiple profiles

Some sites have different password policies. Some require using letters and numbers, some forbid special characters. Some require at least 8 digits, others restrict to 20. Using this tool, you can easily switch between different profiles and generate, each time, a password for each situation.

browser extensions

On their site, there are several plugins for all major browsers. They make the tool a lot easier to use. I personally created a Chrome extension that uses the same algorithm. I hope people like it.

no central repository

Nothing is stored on the computer or on the internet. You don’t have to keep track of which sites you have accounts on. It still requires non-software measures to make it work. You have to change your password on a regular basis (yearly maybe), among other attitudes. It is not a silver bullet solution, but it addresses several problems.
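The derive-instead-of-store idea from this post, as an added example rather than PasswordMaker's own code: it does not use PasswordMaker's algorithm and will not reproduce its output. The profile names, the PBKDF2-HMAC-SHA512 choice and the iteration count are assumptions made for the illustration.

```python
import hashlib
import string

# Hypothetical profiles; names and policies are assumptions for this example.
PROFILES = {
    "default": (string.ascii_letters + string.digits + string.punctuation, 20),
    "alnum8": (string.ascii_letters + string.digits, 8),
}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def keyspace(charset_size, length):
    """Number of distinct passwords for an alphabet size and length."""
    return charset_size ** length


def meets_policy(password, charset):
    """True if every character class present in charset appears in password."""
    wanted = [cls for cls in CLASSES if set(cls) & set(charset)]
    return all(set(cls) & set(password) for cls in wanted)


def site_password(master, site_id, profile="default", iterations=200_000):
    """Recompute the password for one site from the master password."""
    charset, length = PROFILES[profile]
    counter = 0
    while True:
        # Site id, profile and counter form the salt, so every site (and
        # every retry) gets an unrelated 512-bit value.
        salt = f"{site_id}|{profile}|{counter}".encode()
        raw = hashlib.pbkdf2_hmac("sha512", master.encode(), salt,
                                  iterations, dklen=64)
        # Base conversion of the 512-bit integer into the profile's alphabet.
        # 512 bits is far more than the password needs, so bias is negligible.
        n = int.from_bytes(raw, "big")
        chars = []
        for _ in range(length):
            n, idx = divmod(n, len(charset))
            chars.append(charset[idx])
        password = "".join(chars)
        if meets_policy(password, charset):
            return password
        counter += 1  # deterministic retry when a character class is missing


if __name__ == "__main__":
    print(site_password("constructed master phrase", "example.com"))
    print(keyspace(99, 8))
```

A slow key-derivation function is used here because anyone who obtains one site's derived password can test master-password guesses offline; the iteration count sets the cost of each guess.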

2010.12.01

Development cycles

I just saw the news about the Drupal 7 Release Candidate. I could not be more perplexed by the length of its cycle. The code freeze was announced on September 15, 2009, so it’s more than a year!

I’m perplexed mostly because of the nature of this software: an internet application. Because the internet environment changes at an incredible pace, it’s really counterproductive to stop accepting deep modifications for such a long time. NoSQL databases are getting more and more used, JavaScript techniques are getting more refined and the whole HTML5/Video is dominating the news. Two years to launch a new version is quite a lot.

I have a hunch: Drupal 5 was a true revolution but had quite a short life cycle, coz Drupal 6 was released soon after. I believe several developers got pissed with that as they were forced to make a long conversion process from Drupal 4 to 5 and then from 5 to 6. Drupal 6 took quite some time to actually be used by old sites, because several important modules (Views and CCK mainly) delayed the port to see what direction D7 would take. The result is that Drupal 6 was coined “Drupal Vista: wait for the 7”. This might have forced the Drupal core guys to extend the cycle.

The whole problem is now gone since most sites are now ported to D6. But I really believe that it was not a matter of the short-cycles-that-pressure-developers, but the lack of clear support from project managers. I say that because some even more complex programs are getting big supporters, despite the apparent paradox.

The most enlightening example is Google. Google’s most popular software adopted the strategy of “fast iterations”. The idea is not to aim for “quality at all cost” (typical for projects that release when it is ready) but “to fix as soon as possible”. Chrome is 3 years old or so and it is in version 9! The adoption rate is even bigger than Firefox’s! Android is in version 2.2 already and gaining more and more support from developers. Can you imagine a more complex software with a faster release cycle?


Faster cycles have several advantages:

  • Gain easy testers with the early adopters
  • Avoid small enhancements being postponed for years just because each is a “new feature”
  • Avoid the proliferation of hacks-as-plugins that implement the small enhancements I just mentioned
  • Revert wrong decisions often
  • Encourage more people to participate in core development, since their suggestions might be implemented soon after
  • Avoid the analysis-paralysis loop of each change
  • Reduce the possibility of forks (what is the advantage of Pressflow if Drupal 7 was released quite after?)

I think the Drupal community is still somewhere between The Cathedral and the Bazaar. They are still in the CVS mentality of centralized control and serialized development of features. We have to make features in parallel, not in series. So no more “feature freeze”, “guys, let’s think about the next version… ideas?”. Any time is time to release new features. It has to create several forks (and not only patches) that will work on each feature and, when any of them is ready, commit it into the mainstream and launch it as a new small version, like 7.1, 7.2, 7.3…

One last comment for those who think several people want stability over cutting edge stuff. It’s just a matter of adopting a concept similar to the one used by Ubuntu: from time to time a given release will be considered “long term support”. And if Drupal 7.2 is LTS, for example, several other “feature releases” like 7.3, 7.4 could be released, along with several “bug releases” for 7.2, like 7.2.1, 7.2.2, 7.2.3… Fixed-time support also gives businesses and people the right information for proper planning.

2010.07.15

Hardware Bottlenecks

The prices of hardware are getting lower and lower. If we weren’t using legacy computers, the whole world could be buying massive amounts of power.

General processors (CPU) and specialized processors (video cards) are really powerful and affordable. We can now create a super fast computer for a fraction of the price of a few years ago. A HUGE potential is simply wasted. Except for gaming, video creation and some other situations, a person will not use it at full power 99% of the time.

Both permanent storage (hard disk drives) and non-permanent (RAM) are also very affordable. A terabyte HDD is cheaper than two 500 GB, which are cheaper than 4 of 250 GB. The current inflexion point is around 1.5 TB, but is progressing.

With so many resources available, good programs are getting less and less relevant. Algorithms are for people who don’t know how to buy computers.

We are now focusing on extracting the most from our bottlenecks. Power consumption and wired and wireless connection speed are probably the biggest ones. We are still waiting to see a groundbreaking technology to deal with these. Meanwhile, solutions like cache and problems like lack of synchronization between devices will persist.

Bruno MASSA