Russell recently blogged about the yubikey from Yubico. It's a security token device, so you use it to authenticate against things. Security token devices are better than passwords because the password that is used keeps changing, so it's harder for an attacker to exploit.

Other tokens, such as the RSA tokens require batteries, and the user to type in the code displayed on the token. They need batteries. Yubikey is interesting because it doesn't need batteries, you plug it into the USB port on your computer. It also acts as a keyboard. So instead of you reading a code from the token, it types the password for you. As it's a time varying token the password is different each time you go to use it.

What this means is that you can use any computer without worrying that the computer has been compromised and could steal your password. It means you don't have to remember your password.

And all the code to support the token at the server end is open source. I'm thinking of getting a couple, and seeing if I can get them to work with all my authentications.


Andrea and I went and saw Memoirs of a human cannonball last night. We really enjoyed it. I was a doubter when we went though. I wasn't entirely willing to believe that on stage we would have someone who really was a human cannonball. I can safely say that I'm convinced. Matt has some footage of his circus days that he plays during the show, which was great.

If you get asked to volunteer during the show (as I did), can I just suggest you take your keys out of your pocket, and leave your phone and wallet behind?

Warburton cycle fest

Looks interesting. Anyone want to go to it with me? Warburton is really nice, might be worth staying a night out there.

quitting in IT

I've sometimes thought that I'm a bit strange when I start getting the itch that maybe it is time to change jobs. Perhaps I'm not so odd, perhaps I'm just reaching my value apex when I feel this way. I found the following article very reassuring:

