In the wake of the much-publicized hacking of a webmail account, I thought I'd share my own anecdote about security questions. Sometime last year, I decided to consolidate my finances and roll over all my past employer 401(k) accounts to a new firm. Some companies make this easier than others, since, you know, they'd really like to continue holding your money for you. Most of them require you to call them up and get them to mail you some forms. And all of them have multiple layers of security.

In the process of convincing one of these firms to send me the requisite paperwork, a customer service rep challenged me to answer a custom security question that I had set up when I opened the account (close to 10 years ago now). This is a good thing, in theory. Most of the "canned" security questions (birthplace, mother's maiden name) are easily answered with a quick web search these days, and even 10 years ago I was vaguely aware of this possibility. Thus, I had opted for a custom security question, in which I got to define both the question and the answer.

Like most people, I dated other people before meeting the woman who is now my wife. Like most people, I did not know when I met her that she would eventually become my wife. I had other relationships, some good, some bad, some that never quite got off the ground. One of those "never quite got off the ground" girls was a co-worker of mine who had come to work with me a few months after I had started dating my future wife. We became fast friends with a shared passion for electronic music (although she was way more into the "scene" than I was), but we never got around to dating because things were going so well with my future wife.

You see where this is going.

Nigh on ten years later, I find myself on the phone with a bored customer service rep who says, "All right, Mr. Pilgrim, I'd be happy to send you this rollover form as soon as you can answer the security question you set up with us: 'Who is the queen of trance?'"

There was -- literally -- 45 seconds of dead air before I could come up with the name of the girl I didn't marry.


For reasons that are not particularly interesting, I found myself reading the XScreensaver FAQ last night, which answers the question, "The unlock dialog is funny looking, why not use GTK?" That led me to JWZ's mini-rant On Toolkits, which reminded me of this ancient vulnerability in the OS X screensaver where you could unlock the screen by typing 1280 characters in the password dialog. I remember reading about it at the time, but I never really understood how people found bugs like this until I had kids.


bunnies eating hemp

I have to admit that I'm a big fan of "The 9," Yahoo's newest entry into the "let's turn the Internet into TV" competition. This is not a new concept; Microsoft has been touting it since at least 1998. And speaking of Microsoft, they recently stopped supporting Windows 98 and Windows ME. They recommend that "customers upgrade to a newer, more secure Microsoft operating system, such as Windows XP." Yeah yeah, I know, Linux has its share of security holes too. Everything requires maintenance. Except my TV, which I bought in 1995, and it still works. For the moment, anyway.

So yeah, "The 9." It's the latest in a long line of guilty pleasures. I am man enough to admit that I watch "Grey's Anatomy," and before that I watched "Ally McBeal," and long before that I used to get high and watch "Access Hollywood." "The 9" is utter tripe, of course. I mean, really. An Internet video about popular Internet videos? It's like meta-video-meme-blogging, squared. I love it. Not everybody's got to change the world, you know. Somebody's got to stay back and sell the sugar water.

Speaking of security holes, Debian got hacked. Oh shit! I don't have anything snarky to say about that. That just sucks. ... I don't have anything snarky to say about that. The Debian maintainers do an awesome job, and... The Debian maintainers do a... We have a God damn fly in the studio. The Debian maintainers do an amazing job, and I applaud their fanatical devotion to... everything. They suffered a similar hack a few years ago, and the community's response was swift, thorough, and completely public. They sure as hell didn't wait until "Patch Tuesday" to tell us about it.

And now, the part of the show where I make fun of stupid people who hate me.

Peter writes, "Eh Mark, yo didn't cracked the thing. It doesn't matter did you managed to add..."

What the fuck are you talking about? You know I'm over 30, right? I have a kid. Two kids. I have a mortgage. Two mortgages. I have a wife... I can not speak your crazy moon language. Seriously, is this the level of discourse I should expect after diving into video blogging? I need to implement some sort of CAPTCHA based on Strunk & White. If you can't tell me the difference between "continual" and "continuous," I don't want to talk to you.

Speaking of languages, my two-year-old can count to ten in Chinese and English. All the Chinese I know I learned from refrigerator magnets. Shit, I can't even curse in two languages. Although I can say, "I have the fire of the sun in my pants" in Spanish. I'm still not sure if that's dirty. It sounds like it should be dirty.

In personal news, my parents went to Africa to go to safari in the Seren... to go on a safari in the Sereng... safari in the Sereng... to go on a safari... to go on a safari in the Serengeti. Then my father stayed behind for a week to help build houses in Zambia with Habitat for Humanity. That's really cool. He's helped build houses all over the world: El Salvador, Mongolia, Kyrgyzstan, and now Zambia. Traveling to other countries really puts things into perspective. For example, I am never complaining about my commute again.


  • Mark Nottingham: The Atom Syndication Format (PRE-DRAFT).
  • Mark Nottingham: Atomic Draft. If you have been participating in the Atom project, go to the ContributorsList and add yourself, so you can get credited [in the spec].
  • Joe Gregorio: The HTTP verb PUT under Apache: Safe or Dangerous?
  • ReUSEIT: a contest to redesign Jakob Nielsen's site. Hope it's more successful than the last attempt.
  • Raymond Chen: Why does Windows 95 have functions called BEAR, BUNNY and PIGLET? I'm not sure which is more disturbing, the question or the answer.
  • Use an extended desktop with your iBook.
  • Sinjin's Oddworld Walkthrough.
  • Michael Barrish: Toast. This is true, and anyway when have I ever lied to you.
  • Joe Gregorio: Eco-Scooter. Insert your own Echo joke here.
  • To everyone working overtime at an ISP or datacenter during the latest round of Microsoft worms and viruses: you have my utmost sympathy and respect. To everyone whining because their obsolete designed-for-casual-use mail software and their default ISP's non-filtering mail server didn't protect them: shut the fuck up and learn to protect yourself. I use a combination of SpamAssassin, SpamCop, Mozilla Mail's junk mail filter, additional hand-coded filters, and IMAP to keep my inbox sane. I use ad-blocking software, user stylesheets, and a custom hosts file to keep my web browsing sane. I maintain rigorous script filters to keep my referrer logs sane. I use .htaccess to ban abusive robots, dynamic spambot traps to catch new ones, and nightly reports to find the ones I've missed. Everything requires maintenance.