Hacker News | sparkinson's comments

This is a tool I developed after struggling with an increasingly large bash script for my pre-commit hook.

The focus is on enabling others to easily develop their own checks/reviews.

I'll be looking at adding Mercurial and SVN support in the near future.

Would love to hear any feedback you might have.



Looking around there doesn't seem to be any news on a breach at name.com, official or unofficial (aside from this of course).

It does have me worried however.


It'd be worth having a read of the logs; if true, it appears that the attack was only to compromise a specific target.

The fraud won't occur till the database is released and the private key is cracked.


> in our heads

So it's short enough to remember and likely has some sort of pattern. There's a limit to what a person can remember, lower if there are several people that have to remember it.


It is not very difficult to memorize random strings of arbitrary characters. I use a password manager to manage most of my accounts, but the important ones, like banks and email, I keep in my head. I use my password manager to generate a 15 character string of alpha+numeric+symbols. The symbols would kind of make it hard, except that in my head they are just upper-case numbers, mostly (shift-7, not ampersand). And in any case they are just positions on a keyboard (God help me if I need to enter one from my cell phone).

To memorize, just copy it into your favorite text editor, then type it 25 times in a row and delete. If you are paranoid, make sure you use a text editor that does not store temp files. Do not save this password anywhere. Set a timer and do it again an hour later, then again the next day. 10 minutes of your time and you have a password in your head. I can keep 10-20 of these at a time, maybe more since I seem to be able to type older ones from years ago.

I don't consider myself to have a great memory. I can barely remember lyrics to songs I've listened to dozens of times and it takes me hours and hours to memorize lines for plays. But I started doing this for passwords ten years ago and it is very reliable.


The thing is for your personal bank account a 15 character password is acceptable.

But for x many customer credit card details you're really looking for a much longer password than that. I'm talking 64 characters or more of pure random data.

You shouldn't be compromising for the convenience of being able to remember a password when it secures such critical data in my opinion.

Edit: I do agree though that your method is a very good way of remembering passwords.


At 15 characters and my character set ([a-zA-Z0-9] and about 30 symbols) I have about 92 bits of entropy. Mean time to find a collision hash of my password is more than several years using 100% of computing power on the planet, much less do AES brute force. If memory is no issue, 256-bit passwords (usually displayed as 64 hex digits) are wonderful and there is no reason to stop short of that for pass keys that are stored electronically.

If I was responsible for this key I might increase from my normal 15 to 20 characters, giving me more than 120 bits of entropy, and I would expect to be safe from offline brute force for decades, and I could remember it.
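As an added example (not the commenter's own code), the entropy figures in the comment above recomputed for the stated character set and lengths, together with an offline brute-force time estimate; the guess rate of 10^12 guesses per second is an assumed attacker budget for illustration, not a figure from the thread:

```python
import math

# Character-set sizes taken from the comment above: [a-zA-Z0-9] is 62
# symbols, plus "about 30" punctuation symbols (constructed from the text).
ALNUM = 26 + 26 + 10           # 62
SYMBOLS = 30                   # the commenter's approximate count
CHARSET = ALNUM + SYMBOLS      # 92


def password_entropy_bits(charset_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password of `length` symbols
    drawn from `charset_size` choices (what a password manager's random
    generator produces). Only valid for truly random strings, not for
    human-chosen or patterned ones."""
    if charset_size < 2 or length < 1:
        raise ValueError("need at least 2 symbols and length >= 1")
    return length * math.log2(charset_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years an offline attacker needs to try the whole keyspace at the
    given rate. `guesses_per_second` is an assumed budget (e.g. 1e12 for a
    well-resourced attacker); the expected time to a hit is half of this."""
    seconds_per_year = 365.25 * 24 * 3600
    return 2.0 ** bits / guesses_per_second / seconds_per_year


def summarize(length: int, charset_size: int = CHARSET,
              guesses_per_second: float = 1e12) -> dict:
    """Entropy and exhaustive-search time for one password shape."""
    bits = password_entropy_bits(charset_size, length)
    return {"length": length,
            "bits": round(bits, 1),
            "years_to_exhaust": years_to_exhaust(bits, guesses_per_second)}


if __name__ == "__main__":
    for n in (15, 20):                       # the commenter's two lengths
        print(summarize(n))
    print(summarize(64, charset_size=16))    # a 256-bit key as 64 hex digits
```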


It's trivial to memorize an entire sonnet. Actors and actresses memorize many times that amount. It's also trivial to write a sonnet. How many bits of entropy do you think a sonnet has?


Are you saying that you are happy to type in an entire sonnet when prompted for a password?

Being realistic, to expect someone to type in such a long password regardless of whether they can remember it or not is clearly unreasonable.


For a consumer, perhaps, but for protecting thousands of individuals...


You can't assume this. It could be ridiculously strong, and, with a lot of use, has become remembered.


I'd argue that actually it's better to assume the worst case here, not what it potentially could be.

That and the fact that an offline attack can be run on this key is not promising.


You've assumed that everyone involved has the entire passphrase.


They were storing LISH passwords in the clear... Does it really sound like they care enough to use some sort of multi-party brokered passphrase accountability system?


Not really, just more than one person as is implied in the grammar.

Edit: These "making an assumption" arguments are silly. It is good practice to assume the worst case; to assume the best in this situation is bad.


I'm impressed by your ability to extrapolate "in our heads" to mean whatever you wanted it to mean.


> I'd prefer a new foreign car that has certain limitations to a used Jeep that I can extend in any way I want.

Are you sure about that?


Absolutely. I need my phone to work, be simple and reliable, not require much/any maintenance. Similarly, I prefer a nice car with a warranty that I don't have to worry about or have any hassle with. A jeep might be cheaper, and when it runs slow I could install something to fix it, or if I don't like the steering wheel I could personalize it easily... but, for something I use every day and depend on, I just want it to be there and not have to deal with any complications. I'm ok with the one-size-fits-all steering wheel, the research-driven interface on my stock radio, etc. etc.


Check out CloudFlare, they provide some great DNS services with some added bonuses.


I doubt it's robust and stable enough to use in a hospital yet.


I believe the unit and frame are separate. As mentioned there are a few examples of the units being on standard glasses with lenses.


I would have thought it'd pair with your phone, with the phone doing all the hard work. The glasses really just being a display and recorder.


That would indeed be the most obvious way to go; it would also make the device more powerful down the road, since the computing is done on a smartphone, which only gets faster and faster by the year.


I'd say the computing is done "in the cloud". Low power transmission to your phone, then to the google datacenter.

It seems cool from a technology point, but I'm not sure I want to trust Google (and thereby the US Government) my life. Or am I doing that already by using Google Search and GMail?


Yeah, we're all doing it already. At this point it's more about managing what I do online than it is about avoiding using the services.

Google Glass will be massively popular with the active crowd (kind of how the GoCam got its big break) - I would personally use it in place of recording videos with my phone! I would not wear it all the time though, that's ridiculous.


I am sure that that is going to be the product that actually takes off. Google Glass will probably fail (at least the first iteration) but give some data for the next attempt. Then when Apple comes out with iGlasses everyone can act impressed.

