Microsoft’s Niche Browser

Microsoft made the right choice in abandoning the horrifyingly bad Internet Explorer browser and creating the shiny new Edge browser, but I believe only supporting Windows 10 is a terrible mistake. While there will no doubt be millions of Windows 10 machines, that number is dwarfed by the billion iPhone/iPad and Android devices out there, all of which support Chrome and Firefox. And anyone who’s doing web development today on anything besides Windows 10 – be it on a Mac, Windows 7/8 or Linux – is either going to ignore testing in Edge, or have to use a virtual machine or third party for testing. I think for many software shops the result will be to do minimal testing. At the end of the day, it’s just another niche browser to have to test.

Let’s Talk Passwords

We’ve all been there: You visit a new website and inevitably you’re asked to create an account. If you’re lucky, the site lets you piggyback off of an existing site’s credentials, such as Google or Facebook. But if not, you need to come up with yet another password. Remember that you never want to reuse a password, because if a site’s security is compromised (which happens all too frequently), hackers will try your username and password on all major websites – online banks and email accounts – things that can really screw up your life.

So you come up with a password, and with any luck the site runs it through a strong one-way encryption algorithm (more precisely, a password hashing function) and saves the result in their database. “One-way” here means there’s no known mathematical way to reverse the process to get back the original value. Whenever you log in and re-enter your password, it goes through the same algorithm and the two encrypted values are compared, and only if they match are you signed in.

The beauty of this approach is that no one knows your password – not even the employees who take care of the database. Unfortunately, there’s no guarantee that any given website follows this best practice; they may use weak encryption, or two-way encryption, or no encryption at all.
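The store-then-compare flow described above, next to a weak variant, as an added example that is not part of the original post. PBKDF2, the per-user random salt and the iteration count are assumptions chosen for illustration; the post does not name an algorithm.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def weak_store(password: str) -> str:
    """Weak practice: fast, unsalted hash. The same password always stores the same value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store_password(password: str, iterations: int = ITERATIONS) -> dict:
    """Sign-up: derive a slow, salted one-way value; the password itself is never saved."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(attempt: str, record: dict) -> bool:
    """Login: run the attempt through the same algorithm and compare the two results."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        attempt.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample password
    first, second = store_password(pw), store_password(pw)
    return {
        "weak_values_match": weak_store(pw) == weak_store(pw),
        "salted_values_match": first["hash"] == second["hash"],
        "right_password": verify_password(pw, first),
        "wrong_password": verify_password(pw + "x", first),
    }


if __name__ == "__main__":
    print(demo())
```

With the weak variant, two users who pick the same password end up with identical database entries; with the salted variant each stored value differs, yet the correct password still verifies.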

But even if a website uses strong encryption, if hackers get their hands on the database they can still try to crack your password by using sheer brute force. Imagine you had a padlock with three digits and you didn’t know the combination but had plenty of time on your hands – you could literally go through all 1,000 combinations, one by one. Hackers use the same concept, but before resorting to trying every letter and number combination imaginable, they start with a list of the most common passwords, followed by every word in the dictionary (including all the uppercase and lowercase permutations, and the common tweaks such as substituting zeros for o’s, and adding a number to the end), followed by names of celebrities, TV shows, movies, books, character names, band, song, and album titles – basically anything you’d find in Wikipedia.

In “Your Password is Too Damn Short”, Jeff Atwood (one of the founders of Stack Overflow) explains why your passwords need to be a minimum of 12 characters long – and if you’re paranoid about the ever-increasing sophistication of hacking techniques coupled with the relentless improvement in computing hardware power (which you should be), you’d do well to go beyond that minimum. Extending my combination lock metaphor from earlier, this would be like enhancing the combination lock to have, say, 9 digits. Someone might have the patience to try 1,000 combinations, but probably not the will (or time) to try a billion permutations. He states that a 13 character password would take a hacker 64 years to crack using today’s tech, versus 2.2 seconds (!!!) for an 8 character password.

Coming up with a password that’s fairly long, that’s essentially gibberish, and that you can memorize is a tall order; but coming up with a unique one for each website that requires a password is, well, damn near impossible.

After reading Jeff Atwood’s post above I decided to use a password manager. Here’s how it works: You sign up and install a browser extension. As you go about visiting your various sites, the password manager offers to save the site’s name, URL, username and password. So this learning process is fairly painless. And whenever you need to log into the site again, LastPass automatically fills in the username and password. Personally I use LastPass, though there are others and from what I’ve seen they all work well. I have LastPass installed on my work and home computers, and on my phone, so if I make a change on one device, I’m covered everywhere else.

For big name sites such as Facebook, LastPass has the ability to change your password automatically with the click of a button. I love this feature. Back when I first set everything up, I would click this button and just sit back and watch as it signed in to my account, brought up the change password screen, entered the old password and a new strong password such as “R#87Xsr8ZWD43g”, and then updated the record in LastPass. And this is my favorite part of all this: I only have to remember my LastPass password, but that’s it – I no longer give a damn what any of my other passwords are. And since they’re all unique and strong, I don’t have to lose sleep worrying about my password getting cracked.

LastPass has a tool to generate strong passwords for whenever you change a password manually. It also has a security audit feature that will show you all the weak or duplicate passwords you’re using. Basically, it’s got your back, and if you follow its advice you’ll be in really good shape. Honestly, it’s worked so well for me that I wish I’d started using a password manager years ago. If password management is a nightmare for you, I urge you to consider signing up.

Software Engineers obsolete in 15 years? Nah…

In “Coding Academies Are Nonsense”, the author makes the claim that no one should learn to code today, saying “I see coding shrinking as a widespread profession”, and that within fifteen years anyone who knows how to code today will be obsolete.

Now, I’m very bullish on AI – I think self-driving cars are going to be hugely successful and dramatically change our daily lives. I also think that our phones are going to play an ever increasing role as our ever-present personal assistants. But despite this, I don’t buy the idea that the world won’t need software engineers in the not-too-distant future.

The author also says “Coders are essentially linguists who translate human language into a foreign programming language suitable for an unforgiving machine to process.” I was gobsmacked when I read this. Learning the syntax of a programming language is the easy part; most senior developers are highly proficient in several languages, and can pick up new ones quickly if they have to. But knowing how to create an application that’s intuitive for users, that scales well, that can evolve over time (etc.), that’s the part that takes a lifetime to master. Obviously computers will get better at helping with this task – already tools such as ReSharper can identify a whole class of bugs and even automatically fix them. This trend will obviously continue as computing power increases. But will computers essentially program themselves in fifteen years? I very much doubt it. And if that day ever comes, it’s not just software engineers that will be out of a job, but just about everyone.