Jesper M. Johansson, Ph.D., ISSAP, CISSP is a Security Program Manager at Microsoft. The second part of his three-part article on the use of passwords vs. passphrases was recently published.

The Great Debates: Pass Phrases vs. Passwords

• Part One - coveres the fundamentals of passwords and pass phrases, how they are stored, and so on
• Part Two - discusses the relative strength of each type of password, and use some mathematical approaches for illustration
• Part Three - offers some conclusions and guidance on how to choose passwords and configure a password policy

In this installment, he looks at three arguments for the use of pass-phrases:

• Claim 1: Users Can Remember Pass Phrases
• Claim 2: Longer is Stronger
• Claim 3: Pass Phrases Can Have More Randomness

This is a great read, worth the time for anyone who works in the security field or in IT operations and security. I am looking forward to the third installment, as well. Jesper has a powerful way of cutting to the heart of the arguments and coming out the other end of the conversation with good facts in tow.

Every now and then a company comes along that Just Gets It^TM.

Google is one of those companies. I have been playing with the new Google Desktop Search beta application, which is a locally-installed program that indexes content on your local computer and allows you to search it, in-line with other Google searches.

It might take a minute to realize the utility of this. Bear with me. Then use it and see for yourself. This is (as Scott world say) pure sex.

Once you install Google Desktop, any Google search can then include your local desktop/machine search in-line, as shown above. You can also do a desktop-only search, and you can choose to disable the ability to show Desktop Search results on Google Web Search result pages. Google states that your personal search results and data are kept private from Google.

What can you index on your desktop machine? Google Desktop is able to index the following items so that you can search for them:

• Outlook email
• Outlook Express email
• AOL IM 
• Word
• Excel
• PowerPoint
• Text and other Web history
• Secure pages (HTTPS) in web history

Find out more on the Google Desktop “About” page, or see more screenshots here. Also available are the Getting Started Guide and a page dedicated to privacy questions and concerns.

I've been using it for a couple of hours, and already I can tell that this is not something I will not be giving up any time soon. I am adding this to my little box of tricks.

Want to try? Jump over to http://desktop.google.com and install the small app, and you'll be on your way. If you have thoughts or comments after trying it, feel free to share them here, and be sure to let Google know.

There's an interactive guide online that will quickly and easily help you determine what needs to be done to upgrade your TiVo. Add a hard drive or two, replace your original drive with a bigger one, whatever.

This is a lot better than what I had when I took my 20-hour Series One TiVo and did my hack, ending up with two 120GB drives in it. It works great and records things for me every day (and will likely never run out of space). I had to piece together software and instructions, and walk my way between the lines in certain areas. Anymore it's much easier, so just go here for help.

Once you choose your TiVo model, hard drive options and a few other items needed to provide accurate instructions, the interactive guide provides you a clean, usable, well-written set of directions and links to required software specific to your needs as well as other resources like picture guides.

The site: http://tivo.upgrade-instructions.com/step1.php

(from hackaday.com)

I'm sitting here now with a pain in my lower back, the result of a discogram procedure performed today on three lower bask discs. No pictures this time, but if you want to know what the procedure is there's info and a picture here.

I was prepped for this one by my doc to be ready for a very painful experience. A discogram is a procedure where he runs needles into the disc that is known/suspected to be the problem, as well as two others above it, one of which looks a little iffy but not as bad as the primary suspect disc, and another that looks normal and healthy. He then fills each up with fluid and a small amount of blocking agent "dye" that can be photographed on a CT scan after the procedure is completed.

Thing is, if you have a herniated disc and you pump fluid into it to blow it up/inflate it, that means the fluid will likely push the herniated portion harder into the problem area. That hurts, a lot much of the time. and that's what they want. That is how they verify the pain, and that if they choose to do surgery, they know exactly where the problem lies.

They can also look at the CT scan images and see where the dye flowed, which gives them an even better idea what they're up against and what kind of surgery - if any - is the best bet for the injury.

So anyhow, today was my day. I live about an hour or a little less northwest of Portland. The doctor who specializes in my back problem that I was referred to by my local doctor is in Salem, which is about an hour south of Portland. So, my friend Broc showed up at my place last night, made my guest bedroom useful, and got up early with me and drove me to Salem. He ate McDonald's and got coffee while I listened to him heckle me with tales of morning caffeine and food. I would not be able to eat or drink anything until after the procedure, and I was starving. And another thing - for me to not have coffee by 8am is unheard of.

The nurse was great this time - a little local anesthetic and the IV was right in (not like the last time at a different place...) and all I had to do was wait.

They got me into the room and on the table, and prepped my back. I heard the doctor come in.

And then the next thing I know, I was in the recovery area.

That's it. I have no freakin' clue what happened in the operating room, except that they did what they needed to do and I was not knocked out. But I swear to God, other than a vague recollection of a short painful stabbing experience with nothing solid to attach it to, I don't remember anything at all - it's like I jumped ahead an hour or so and that time never existed. I've never experienced that. Very strange.

Man - I hope I didn't say anything mean, stupid or embarrassing! :P

At any rate - we'll wait a couple weeks, let my back return to normal (I am a little more than just uncomfortable right now), I'm taking a trip, and when I get back it will be time to meet with the doc, once he has had time to review the results and consult with his partners, and see what if anything he can do to help.

Verdict: Expected severe pain, missed the whole damn thing in my memory, sore now but completely manageable - just a side effect of increasing the pressure and an expected consequence. The people were better than just good - they were thorough and terrific to me during the prep and after, and I have to assume they didn't tattoo me anywhere I can't see or something while I was "out of it." Doctor Olson and crew gets an A+ in my book.

Past related writings:

• Back with a vengeance (stick a needle in my spine remix)
• Stick a needle in my spine, part two
• Stick a needle in my spine

Windows XP Media Center Edition launched this morning, with support for high-def TV, multiple tuners, and lots of other cool stuff.

• Microsoft Windows XP MCE web site
• Michael Creasy's blog entry with details

Some confusion over licensing, and earlier claims that it would be sold at retail. I think OEM's will have better access, but not so sure about being able to purchase a copy all on its own...

Heat scans are now showing greatly increased temperatures at the surface in the volcano crater and earthquakes are occurring at about one every five minutes. Scientists are saying this shows magma is much closer to the surface, and gas measurements also support this.

When I woke up this morning and was getting ready for work, I looked out the front window, from which I can see the mountain, and saw a column of steam lifting out of the crater. This was the first time I have been home at a time when clouds were cleared and something was happening.

I shot a couple of pictures, and will try to get around to transferring them from the camera to the computer and uploading soon.