All posts by Chris

a note about passwords

Passwords bug me. Specifically, password management on most websites is maddening. Here are a few things to keep in mind when designing yours:

List your password-format rules up front. All too often, sites ask for a password with no indication of their format rules, then scream “ERROR!” when you don’t guess correctly. Yell at your users less by telling them what you want first.

Don’t limit the size of a password unless you absolutely have to. Honestly, it’s 2012. Databases can store unlimited-length strings, and the security of a password is improved by length. If your user wants to use the Gettysburg Address as a password, let them go for it.

Ditto for the content. If the user wants ancient Greek poetry for their password, then don’t freak out about the character set or complain that it doesn’t contain any numbers. Honestly, I once had a health-care provider prevent me from using spaces and punctuation in a password. “Alphanumeric characters only”. Way to be secure, guys.
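One way to honor the last two points on the server side, shown as an added example that is not from the original post: normalize and hash whatever the user typed, so the stored record is the same size whether the password is four words or a whole speech. The scrypt cost parameters, the 64 KiB transport bound, and the function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed scrypt cost parameters for this sketch; tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
# Assumed transport-level bound (not a format rule): stops multi-megabyte
# submissions from tying up the hasher while leaving room for long texts.
MAX_BYTES = 64 * 1024


def _encode(password: str) -> bytes:
    # NFKC makes visually identical Unicode input (composed vs. decomposed
    # accents, for instance) hash the same from every keyboard and OS.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    if len(data) > MAX_BYTES:
        raise ValueError("password exceeds transport bound")
    return data


def hash_password(password: str) -> bytes:
    """Return salt || scrypt digest: always 16 + 32 = 48 bytes."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(_encode(password), salt=salt, n=SCRYPT_N,
                            r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    salt, expected = stored[:16], stored[16:]
    digest = hashlib.scrypt(_encode(password), salt=salt, n=SCRYPT_N,
                            r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(digest, expected)  # constant-time compare


# Constructed sample inputs: a long text, Greek verse, spaces and punctuation.
SAMPLES = [
    "Four score and seven years ago our fathers brought forth " * 20,
    "μῆνιν ἄειδε θεὰ Πηληϊάδεω Ἀχιλῆος",
    "correct horse battery staple",
    "spaces, punctuation & symbols: all fine!",
]

if __name__ == "__main__":
    for pw in SAMPLES:
        record = hash_password(pw)
        print(len(pw), "chars ->", len(record), "stored bytes,",
              "verifies:", verify_password(pw, record))
```

Because only the salt and digest are stored, the database column can be a fixed 48 bytes, and no character-set rule is needed to protect it.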

Don’t limit the password format at all unless a compromised account will damage your service as a whole. No minimum length, no “special characters” requirement, no “at least one number”. I know, this is a tough one to swallow. Take an honest look at the worst a malicious user could do; if the only harmful effects are to the user choosing the password, then let them choose whatever they want.

Rate the strength of a password as the user types, and give hints on how to improve it. If you do this, though, get it right. It’s annoying to type in “correct horse battery staple” and have some out-of-date algorithm tell me it’s “Weak”. It’s worse if the system rejects it outright, but even the knowledge that your algorithm sucks makes me doubt the overall security of your system.

Check that your login fields are friendly to automatic login. I’m more likely to choose a unique password for a site when I can hand off the job of remembering it to my browser or keychain. Each time I have to click “forgot password”, though, my choice is going to be easier to remember (and probably less secure).

watching space stations dance

If you’re in Southern California on January 5th, you might get a chance to see two space stations in the sky at the same time. (Pretty cool, right?)

If it’s clear enough, and if I’ve read the magnitudes and times and directions correctly on Heavens Above, here’s what I’ll be doing that night:

  1. At 5:00pm I’ll go outside and stand in a nice dark spot. (I live in the middle of San Diego, so that takes a few minutes to find.)
  2. At 5:05 I’ll look to the northwest for a bright object moving toward the northeast. If it’s moving slowly and not blinking, it’s the International Space Station. Population: 6. I’ll wave to Daniel, Anton, Anatoli, Oleg, Donald, and André.
  3. At 5:07, when the ISS is as far up as it’ll get in the northeastern sky, I’ll look to the southwest for a dimmer object moving toward the northeast. If it’s moving slowly and not blinking, it’s Tiangong 1, the first part of China’s space station. Population: 0 so far.
  4. Until about 5:10, when Tiangong 1 is right overhead and ISS drops below the eastern horizon, I’ll watch the two of them share the sky.

Thanks to Allan Manangan for passing along the news from David Dickinson on Twitter.

The Mpemba Effect: A Good Case For Citizen Science?

I just read an intriguing article on the Mpemba effect at Skulls in the Stars. Between the history of the effect and the continuing puzzle of what causes it, this is the best example of science-as-a-process I’ve ever seen:

Mpemba made his accidental discovery in Tanzania in 1963, when he was only 13 years old and in secondary school. In spite of widespread disdain from his classmates, he surreptitiously continued experiments on the phenomenon until he had the good fortune in high school to interact with Professor Denis Osborne of the University College Dar es Salaam. Osborne was intrigued, carried out his own experiments, and in 1969 the two published a paper in the journal Physics Education.

So what did Osborne’s research show? He placed a 100 cm³ beaker filled with 70 cm³ of water on a sheet of insulating foam in a freezer, and timed how long it took for the water to freeze. For temperatures up to 20 °C, the time was roughly proportional to the temperature above freezing, up to a maximum of 100 minutes at 20 °C. For higher temperatures, however, the time dropped dramatically, down to 40 minutes for 80 °C water!

Be sure to read the complete article for the whole story, including many attempts to characterize the Mpemba effect over the years. 50 years later there still isn’t a strong consensus about what causes the effect, and in many cases it’s supposed to be difficult to reproduce.

To me, this is crying out for a citizen-science experiment with lots of participants, similar to the way Biocurious works. The experiments themselves are dirt simple (and cheap) to implement; all they really require is water, a heater, and a freezer. The rest is a matter of documenting all the (potentially) relevant variables, including the heater and freezer used, the source of the water, the type of containers, and even the geocoordinates of the experimenter. (Hey, who knows, right?)

A second generation of citizen-science experiments could then be designed based on trends in the first-generation data. The fun thing about this step is that (as Galaxy Zoo has shown) the data often suggests results that weren’t expected before it was being collected. (That shouldn’t be surprising; this is science after all.)

The point of each subsequent generation would be to build more accurate predictions of which experimental setups would or would not produce the Mpemba effect. Eventually it should be possible to make a set of statements like, “Heating 50 ml of 20 °C tap water in a 100W microwave for 90 seconds is 90% likely to reduce the time required to freeze it in a 1 m³ freezer by 35%.”

Why the citizen-science approach? I suspect that rather than trying to control all the known factors to produce the desired result, we instead want to track as many factors as possible to characterize the space of results. This particular effect will probably require a “vast multidimensional array of experiments”* to characterize properly, so enlisting a large number of citizen scientists makes a lot of sense.

Besides, each and every one of the test participants can have fun guessing at the real causes involved. Who doesn’t love a little armchair theorizing?

* Yes, I’m ‘citing’ Wikipedia. The original article cited there is inaccessible, and the rest of the Wikipedia summary is informative stuff.

this is not a science blog post

I (and Global Spin) have changed a bit over the last few months. Nothing you’d notice much, but I’ve set aside a few projects and picked up a few others. Specifically, I’m starting the long road toward becoming a licensed scientician.

Long story short: Global Spin is shifting towards science blogging. For the remainder of 2011 I’m going to post something sciencey once a week, probably on Tuesdays.

Older posts will still all be here; in fact, I’ve fixed the archives list in the sidebar so it shows posts going back to 2003. However, the focus going forward will be on science, culture, space, and technology. Those four categories catch most of what I’ve posted in the last two years anyway, so it won’t be a big shock.

I’ve also streamlined the site a bit. It’s not a community place anymore; social-media sites are much better at that now. It’s not even a place to store my personal commentary on the rest of the web; Tumblr and Twitter and Reader (oh my!) fit that need nicely.

One thing I’m going to try (and maybe go back on): I’ve turned off comments on these posts. Again, most of the commentary seems to happen elsewhere, so having those empty boxes at the bottom of each post seems a bit archaic. If you disagree, contact me and I’ll reconsider.

The motto hasn’t changed, though: We still protect our freaks.

To Science!

why I won’t fly

I don’t fly. Since the TSA put its latest set of security-theater rules in effect, I just can’t do it (or ask my family to) in good conscience.

It comes down to this: I know too many people who would be traumatized by the kind of treatment the TSA has made mandatory. I can think of too many cases where either the backscatter machines or the invasive patdowns would cause lasting damage, the kind no flight is worth:

You get the idea. Privacy is important. For some people, it’s vitally important. And it’s relevant, because I have not committed a crime. Getting on an airplane is not probable cause to believe I will.

Yes, I realize that not all these cases apply to me. I also know that my family won’t necessarily be subjected to the backscatter or the patdown. The point—and to me it’s the only important point—is that no one deserves to be treated this way, and I refuse to support a system that does so.

Each time I choose not to fly, I’ll send a letter to the airline I would have used, the airports I would have gone through, and the TSA to let them know why. I hope that eventually they’ll see reason and do away with these crazy searches. Until then, I won’t fly.

For reasons to stay angry, follow the ongoing news on Reddit’s Flying With Dignity group or get a stream of images from The Daily Patdown.