Wrapping My Head Around a SQRL

SQRL, if adopted and implemented, can change our entire relationship with web sites and how we use them. SQRL is simple, elegant, and uses current technology, which should create a low barrier to entry for web sites to employ. This just might be the perfect solution to the problem of usernames and passwords.

Usernames and passwords came along before the Internet and long before they became necessary to access almost anything on the Web. In a perfect world we should all have different usernames and passwords (and long ones that contain numbers and special characters for that matter) for each and every thing that requires them because if we don’t and some nefarious person gained access to that information they would then have access to all the places where you use them.  But who has the memory capable of keeping unique usernames and passwords for everything? Just about no one. I was introduced to a solution that purports to get rid of usernames and passwords as we know them. It’s called SQRL (pronounced squirrel) and it stands for Secure Quick Reliable Login. I’ve read through the proposal of how this works. And, while I don’t have expertise in cryptography, I think I understand the basics and I’ll do my best to explain it as I understand it.

Unique Usernames and Passwords for Every Web Site

The SQRL system creates a unique username and password for each and every web site that employs this technology. To make it even more secure the user never needs to know their own username or password for the sites they visit. This means no longer would a person have to worry about their Facebook or Twitter account being compromised and then have to worry about all the other sites where they used the same username and password combination. It sounds like magic.

Creating a Master Key

In order for SQRL to work a person has to download an app to their phone or computer (SQRL app) and choose a master password. This password is the only one you’ll ever need and it should be a good strong unique password for this system to be effective. This password will be run through what’s called a hash function which produces what seems to be a bunch of random characters. This bunch of seemingly random characters will be called your Master Key.

Logging into a Web Site

When a person goes to a web site that uses SQRL the site will present a QR code and/or link to a web site address. Here’s an example of what you might see on a web page:

[Example SQRL QR code] Click Here

You scan this QR code with your smartphone using the SQRL app and the app will communicate with the web site separately and you would be logged in. No usernames or passwords are ever typed into any form fields. The same login method can be accomplished, if you’re at home or using a trusted computer, by installing an app or browser extension that performs the same task by clicking on the link.

How is this Done?

This QR code is just a graphical representation of the text of a link. Here’s the actual link that created the QR code above, https://www.example.com/sqrl?7b514d3f1d60e848d0b9cc024b9af0c98a92c60c04849771282a322e765f665a. If you scan the QR code with a bar code scanner app on your smart phone this is what you’ll see.

The random set of characters you see after the question mark in the link is a random number that the web site will create and this number would be unique each time anyone visits that login page.

The SQRL app will take the web site address (www.example.com), combine it with your Master Key, and run them both through a hash function to create two new keys: one that is public and one that is private. The public key ends up being your user ID and the private key temporarily stays in your SQRL app. The string of characters below is an example of what might pass as a username.


The great thing about hashing is that no one can take the number above and go backwards to find your Master Key. But, you can take the web site address, combine it with your Master Key, run them through a hash the same way and produce the same string of characters every time. So it’s a one way street.

In the SQRL app the string of random characters that was provided at the end of the web site’s address gets encrypted by the private key (digitally signed). This digitally signed string of data is essentially your password and it gets passed to the web site where the only thing that can decrypt it is the public key (user ID). The web site decrypts the “password” and if it returns the same exact string of random numbers then the site knows you are who you say you are.

In essence you will create a different password every time you log in to any web site because the random string of characters that the web site generates is different every time the page is refreshed. So even if someone gets a hold of your new super long user ID they cannot compromise your account unless they have the private key. The private key is not stored in your SQRL app because it can be generated every time you visit a site.
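The flow described above, as an added Go sketch that is not from the original post or from the SQRL project. It assumes HMAC-SHA256 as the keyed hash and Ed25519 as the signature scheme; the names `siteKey`, `signLogin` and `site` are made up for the example, and the master key in `main` is a plain SHA-256 stand-in for the slow password hashing a real client would use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// siteKey derives the per-site private key: HMAC-SHA256, keyed with the
// master key, over the site's host name yields a 32-byte Ed25519 seed.
// The same master key and site always give the same key pair, so the
// private key never has to be stored.
func siteKey(masterKey []byte, loginURL string) (ed25519.PrivateKey, error) {
	u, err := url.Parse(loginURL)
	if err != nil || u.Hostname() == "" {
		return nil, errors.New("login URL has no host name")
	}
	mac := hmac.New(sha256.New, masterKey)
	mac.Write([]byte(strings.ToLower(u.Hostname())))
	return ed25519.NewKeyFromSeed(mac.Sum(nil)), nil
}

// userID is the hex form of the public key; the site stores it as the
// account identifier.
func userID(priv ed25519.PrivateKey) string {
	return hex.EncodeToString(priv.Public().(ed25519.PublicKey))
}

// signLogin is the app's side: it signs the whole login URL, which
// includes the site's random number.
func signLogin(masterKey []byte, loginURL string) (id string, sig []byte, err error) {
	priv, err := siteKey(masterKey, loginURL)
	if err != nil {
		return "", nil, err
	}
	return userID(priv), ed25519.Sign(priv, []byte(loginURL)), nil
}

// site is the web site's side: it remembers which challenges are outstanding.
type site struct {
	host    string
	pending map[string]bool
}

func newSite(host string) *site { return &site{host: host, pending: map[string]bool{}} }

// challenge issues a login URL ending in a fresh 32-byte random number.
func (s *site) challenge() string {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	link := "https://" + s.host + "/sqrl?" + hex.EncodeToString(nonce)
	s.pending[link] = true
	return link
}

// verify accepts a login only for an outstanding challenge, and only once,
// so a captured signature cannot be replayed.
func (s *site) verify(loginURL, id string, sig []byte) bool {
	if !s.pending[loginURL] {
		return false
	}
	delete(s.pending, loginURL)
	pub, err := hex.DecodeString(id)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return false // ed25519.Verify panics on a wrong-sized key
	}
	return ed25519.Verify(ed25519.PublicKey(pub), []byte(loginURL), sig)
}

func main() {
	// Constructed master password; SHA-256 is a stand-in for a slow password hash.
	master := sha256.Sum256([]byte("constructed master password"))
	shop := newSite("www.example.com")
	link := shop.challenge()
	id, sig, _ := signLogin(master[:], link)
	fmt.Println("user ID:", id)
	fmt.Println("first login accepted:", shop.verify(link, id, sig))
	fmt.Println("replay accepted:     ", shop.verify(link, id, sig))
}
```

The site checks the signature with the public key rather than decrypting anything, and it never learns the master key or the per-site private key.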

I’m sure there are many things that I don’t have exactly correct because, as I said, I’m not an expert by any means in cryptography or Internet security. But I’m pretty sure I have the basics down. SQRL is incredibly secure because users won’t know their own user IDs and passwords to any web site. User IDs are long and seemingly random. Passwords are generated on the fly and can only be created with the use of the SQRL app and the Master Key. The SQRL app can only be accessed by the user’s master password.

If there are weaknesses it’s in the user’s master password and getting web sites to implement SQRL. A person can use anything they want for their master password so their identity can be as secure or insecure as that single master password. Web sites may not want to implement SQRL because it gives the user ultimate control over their information. With SQRL a user can be as anonymous as they want because the web site doesn’t need to know anything about them personally in order to authenticate. Web sites can still require a user to set up an account that is associated with their new superlong user ID and that’s fine for sites like Amazon or other e-commerce sites. But for sites like Google, Facebook, or any social networking site SQRL can allow a user to have an account but still remain totally anonymous.

There are way more details to this than I’m able to describe and if you’re interested you can follow the links below.

This link is to the creator of SQRL: https://www.grc.com/sqrl/sqrl.htm

Here’s a simplified explanation: http://www.sqrl.pl/

A good write up by TechRepublic: http://www.techrepublic.com/blog/it-security/sqrl-a-new-method-of-authentication-with-qr-codes/

An explanation of digital signatures: http://www.youdzone.com/signature.html

Venue 8 Pro Review


I received my Dell Venue 8 Pro on Friday and my impression over the last couple of days is that this is the type of device for which Windows 8 was made.

To start, the form factor is near perfect. 8 inches is still a little too large for my taste as I’ve really grown accustomed to my Nexus 7. But this machine is definitely portable. It feels lighter in the hand than you might think and the textured backside makes this more comfortable to hold than my Nexus 7. The Nexus 7 has a slippery greasy sort of feel to it so the Venue 8 Pro, even though it’s slightly larger and slightly heavier, is more comfortable to hold over a long period of time.

Windows 8 really shines on the Venue 8 Pro. It runs smooth with no lag. This is amazing when you consider that this is running a full version of Windows that can run REAL web browsers and REAL applications. For reasons I have yet to discover Google’s Chrome browser runs better here than on my Surface Pro. For example, on my Surface Pro in desktop mode, there is an odd anomaly where Chrome doesn’t maintain a maximized window when switching from portrait to landscape mode. It’s an odd behavior that isn’t present on the Venue 8 Pro. On this device I’m running Office 2013 without a hitch and I’m also running QuickBooks. All the software I need runs on this tablet.

I’ve heard reviewers mention problems with the screen. Personally I’m not finding any problem with the preset auto display brightness. The device seems to adjust brightness for me just fine. Auto brightness is enabled by default no doubt in order to extend battery life. Battery life has been excellent so far. In normal use for me the battery is lasting me all day where I was at best getting 5 hours from my Surface Pro.

Are there negatives? Sure. But what device doesn’t have them? Here’s a short list of what I’ve noticed so far.

    • McAfee comes pre-installed. Anti-virus and malware protection are embedded into Windows 8, so it is unnecessary. It’s annoying to have to uninstall something that shouldn’t be there in the first place.
    • Gets a little warm on the lower half of the right side. But with a couple hours of normal use I don’t find that it gets too warm. I mention it because I notice it where on the Nexus 7 I haven’t.
    • I would like an on-screen Windows Start button. To get to the start menu there is a button on the top of the device where you would normally find a sleep/wake/power button. That button is located on the side. At the start of using this device I would wake it by pressing the button on top and then try to put it to sleep with the same button. I’ve conditioned myself to simply use the button on the side and ignore the button on the top. It’s not a necessary button when I can more easily swipe in from the side to get to the Windows button to return to the Start menu.
    • I didn’t realize it came with Office 2013 for free so I burned my Office 365 subscription that I was saving for other devices.
    • Won’t charge through a USB hub. At least the ones I’ve tried. But it does charge through USB and that is a huge convenience because I won’t have to carry an extra charging brick.
    • Lack of a hardware keyboard although Dell’s web site says a keyboard cover is coming soon. It’s not something I would use that often but I do know that I’ll want one when using it while traveling.
    • Lack of a dongle or short extension cord that would allow me to easily connect a full size USB device. I’m sure something like this exists and I’ll be searching. If I can connect a USB flash drive it will make installing software much easier. Some things still come on a CD or DVD and I usually copy those install disks to a flash drive because my last several laptops lacked optical drives.
    • There will be no docking station as with the larger Venue 11. It would be nice to dock this to a full size screen, keyboard and mouse for those times when sitting at a desk. This is a REAL computer after all and can take the place of a desktop for general use.


Now if Microsoft would just get rid of the traditional desktop and make the metro style desktop the default interface Windows would have a much better experience. My other request after using Windows 8 since February is I would like the ability to dynamically resize the split screen panels when running multiple programs. The pre-defined sizes do not necessarily fit my everyday needs.

After using the Surface I’m so much happier with this device. It’s almost exactly what I’ve envisioned for tablet computing since I bought a Compaq T1000 more than a decade ago. If you are considering a Nexus 7 or iPad Mini you have to consider the Dell Venue 8 Pro. It’s a tablet that works like a real computer and not at all dumbed down. I haven’t been this enamored with a device in a long, long time.

p.s. This review was entirely written on the Venue 8 Pro.

Obama Administration to Blame for Government Shutdown Silliness

The government shutdown is all over the news and the silliness of what is happening should not be lost on the American people.

There are many that blame the Republican party for playing politics with “Obamacare” and trying to leverage keeping the government open with defunding “Obamacare”. There are many that blame the Democrats for not agreeing for a short term solution that would fund the government while working out some kinks in the implementation of “Obamacare”. To be sure, there is blame to go around to both political parties.

But, in my opinion, only President Obama can be blamed for some of the silliness that is happening regarding the “shutdown” of certain public memorials, parks, and web sites. These places are by their very nature OPEN. There are no walls surrounding them and anyone at any time can utilize them whenever they feel like it.

Let’s start with public memorials. Yesterday a group of WWII veterans was blocked from going to the WWII memorial. The group scheduled their trip in advance and only when it was learned that the park police were barricading the memorial did a member of Congress try to step in to allow them to visit. They were denied. But, the WWII generation being what they are, they moved the barriers aside and visited the memorial anyway. Keep in mind that there NORMALLY ARE NO BARRIERS erected around the WWII memorial. It’s open. Normally, 24 hours a day 7 days a week you can just walk on up. The park police had to waste equipment and man hours to block off something that requires nothing to enter. Take a look for yourself.


The National Park Service has closed off places like the Grand Canyon so people who have planned their trip sometimes a year or more in advance get turned away. Can you imagine closing off something as big as the Grand Canyon? Hell, it has “GRAND” in the name! The government can leave it open as nature intended and let the public enter at their own risk. To make things even more ludicrous, the park service even shut down a park that receives NO FEDERAL FUNDING. The government spent money to close off a park where they don’t pay anyone to monitor or maintain.

How about government web sites? These things are hobbled as well. I needed to fill out a census survey that I am mandated to complete prior to October 29, 2013. I went to the site and was greeted with this (a picture is provided in case the site is brought back up). I certainly hope the general public is not duped into believing that shutting down web sites saves the government one single penny. Remember now, the web site is up and running. You aren’t greeted with a message of “web page not found” (commonly called a 404 error) but instead are greeted with a message letting you know that you are blocked from doing the things you need to do. The servers that run the web site are still operating. They have to be in order to serve the page with the stupid government shutdown message. Again, time and money was spent to have someone go to each of these sites and redirect browsers to these messages and block users from using the sites. I MIGHT understand if the government turned off the servers. But then they might get angry phone calls.

President Obama and those within his administration had to give the marching orders for the park police, the park service, and the system administrators to spend money to block or close off things that are normally wide open to the public. The American people, Democrat, Republican, Libertarian, Communist, Socialist, or whatever political persuasion should be royally pissed off that the American people are denied access to their public spaces. President Obama’s actions in this case are silly and childish. Seemingly in order to dupe the American people into blaming his political opponents.

Of iPhones, Gladiators, and Frogs

More proof that we are done as a great nation.

The video is only six minutes long so watch the entire thing. At first it’s fun to laugh at the idiots waiting in line for literally weeks. But then you get to the 4:35 mark. If you have any individuality at all you feel a bit ashamed that this is happening. How has our American culture become so empty that segments of us will debase themselves in such a way just for a trinket?

Crowds of people cheering a person for buying a phone. Meanwhile, our private property rights are slowly being eroded, the police are increasingly becoming militarized, the government is trying to define a journalist so they can erode the 1st Amendment, the government is making a hard press to erode the 2nd Amendment’s protection of the right to bear arms, and the government is sweeping up and retaining private information on individuals who are not suspected of any crime. This list can go on and on.

Things like the iPhone, amongst other distractions (think professional sports), are the modern day gladiator arenas. Give the citizens their distractions so they don’t pay attention to what the political and big corporate classes are doing. We are the frogs in the pot and the water is getting pretty hot.

Kevin Spacey and the Future of Video Entertainment

This is simply brilliant. Kevin Spacey can see what the major networks and the cable and satellite industry can’t. Content creators want to create content and content consumers want to consume it. Give the viewer/listener what they want and give it to them at a fair price and they will gladly pay for it.

The only thing that may stand between content creators and content consumers is government regulation. How long will it be before the federal government moves in to license users of the Internet? The more they call it a public utility the closer they are moving towards all out regulation.

Forward to 2:24 and then 3:08 for a couple of great insights.

The Annual Parental Parting of the Ways

Every year there is an experience that many parents share. It’s something they know is coming from the moment their kids are born but somehow gets pushed to the back of their minds until the day it actually arrives. That experience is the act of letting go.

I caught this article in the Washington Post today and the following paragraph I found particularly accurate in its expression.

Eighteen years is not enough. A crib is bought. Christmas trees get picked out. There is the park and lullabies and a little help with homework. The days pass uncounted, until they end. The adjustment is traumatic.

There are moments that are burned into your brain. The moment I turned to leave my daughter at college and the moment I watched my wife hug my son just before we left him at his dorm are two memories where the scar tissue is still quite warm.


Meaningless Unemployment Rate

The unemployment rate is at 7.4%. It is the lowest rate since 2008. The number is absolutely meaningless, however. When the unemployment rate shrinks because the employment pie is smaller then there is little use to even publishing the number in the first place.

Here’s a blurb from a Reuters story posted today:

Nationally, the jobless rate fell to 7.4 percent in July, the lowest level since December 2008, largely due to people giving up on the job hunt and dropping out of the work force.

For example, if there are 100 people in the employment pie and 9 of them are not working then the unemployment rate is 9% (9 out of 100 or 9/100 = 9%). If 5 of those 9 people leave the employment pie (people dropping out of the workforce) then without a single person finding a job the unemployment rate drops to 4.2% (4 out of 95 or 4/95 = 4.2%).

Magically it looks like more people are working when not a single person gained or lost a job. What I would like to know is why don’t reporters press the government on these bullshit numbers?

For the real picture of employment in the United States look to shadowstats.com. Somewhere before 1995 the rate was calculated much differently. Then in 2009 something changed again and not for the better. According to shadowstats, even though the “official” rate is at 7.4% and dropping, the real unemployment rate is closer to 23% and climbing.

The wool has been pulled over our eyes and no one seems to want to pull the covers off. Things are not good. In fact, they are bad and getting worse.


Feds Should Go After Google for Windows Phone YouTube App Blocking

Just as I called for the Feds to go after Apple (because we all know how influential I am) for anti-competitive behavior with their scheme to raise prices on e-books I believe the Feds should now set their sights on Google. Google is blocking Microsoft from building a YouTube app for its Windows Phone OS. This is anti-competitive behavior that seeks to do nothing but keep Microsoft from gaining market share and the Feds should put a stop to it.

I’ll preface the rest of this post by saying that I’m not a Windows Phone user and that I’ve been an Android user for the last 4 years or so. I moved from Windows Mobile 6 to Android on the HTC Incredible. I use most of Google’s services because they are part of the open web and they work cross platform in multiple OSes and browsers. Skip to the next to last paragraph to get right to my rant on Google. The next two paragraphs give some background on my thinking.

Back in the 90’s when the Feds went after Microsoft for anti-competitive behavior for bundling Internet Explorer (IE) with Windows I was dead set against it because even though Microsoft bundled their browser the user was in no way locked in to using that browser. Even though the browser was free I believe users would have paid for a competing browser if it was better. In those early days of the Web browsing was not a great experience with just about any browser and IE’s main competitor was Netscape Navigator. You could get it for free if you knew how but most people had to pay for it. The browser was the precursor to all the free ad supported software and services you see today. What Microsoft did was not anti-competitive in so much as it was forward thinking. Bill Gates knew the future of the company was tied to the Internet and the Web and pivoted the company to move aggressively in that direction. Consumers were not harmed by their actions but helped and in hindsight I think this was proven correct. By the time the Feds were done with Microsoft the computing landscape changed so much that their case was moot. But, the damage had been done.

I called for the Feds to go after Apple with regard to e-books because I believed it was unlawful for a company to conspire with other companies with the purpose of driving up prices to curtail the expansion of market share of a competitor. I’m glad that the Federal government saw it the same way and went after the publishers and Apple. Amazon was aggressively pricing Kindle books partly to gain and secure market share and partly to appropriately price a product that was purely digital and had none of the legacy costs of the physical product. This was good for publishers and good for consumers. Publishers didn’t see it this way, much like record labels didn’t see the value in MP3s, and sought out a partner to stem the tide of Amazon’s expansion. Apple was much too eager to comply and positioned themselves to be the arbiter of all e-book prices. This was the only way they could see themselves curtailing Amazon’s growing market share and securing their position as Amazon’s main competitor in the new and growing e-book market. Their mistake was that their plans were harmful to consumers. E-book prices, upon consummation of the publishers’ deal with Apple, immediately went from an average price of $9.99 to around $12.99 to $13.99. Suddenly on Amazon’s site it was cheaper or around the same price to buy a physical book as it was to buy an e-book. It had to have a chilling effect on the e-book growth. I know I shifted back to buying new release hardbacks instead of Kindle books. I could not have been alone and the Feds seemed to agree.

Google is exhibiting some of the same anti-competitive behavior that Microsoft was accused of and that Apple committed. Google will not make a native YouTube app, amongst other native apps, for Windows Phone and Windows 8. Microsoft has responded by creating their own native app that allows their users to view YouTube on Windows Phone. Google is blocking this effort. In the beginning Google was in the right. Microsoft was clearly violating Google’s terms of service by blocking advertising and allowing downloads of YouTube videos. These actions by Microsoft were all a ploy to tweak Google and Google has taken the bait. In the latest chapter in this drama Microsoft has complied with all of Google’s demands and Google still blocks the app. Why? By making an unreasonable demand that Microsoft code their YouTube app using HTML5. A demand that is not made on Apple or Android. This is anti-competitive and in my opinion illegal. If Google is the proponent of the open Web as they are then they should embrace Microsoft building their own app to access their services. After all, doesn’t Google benefit from Windows Phone users using Google’s services? Instead what Google is seeking to do is protect their domination of the phone and mobile OS universe. They do not want Windows Phone gaining a foothold because it will surely erode some of Android’s dominance. iOS will not be harmed because it is less likely for Apple users to switch to a Microsoft system because they are locked in to the Apple ecosystem. Android users are generally not locked in to Google’s ecosystem because it’s more open. Show me anyone that’s locked into the Google Play Store. Consumers are harmed because they are restricted of choice. YouTube is an open system with APIs that others are free to utilize. For market share protection Google is denying Microsoft access to this open system and thereby harming all Windows Phone users by making them choose between iOS and Android alone if they want to access YouTube easily. This is wrong and illegal.

I think it should be rare for the Feds to jump in to the market unless a monopoly or market leader is using their position to harm consumers. The Feds consistently step in where they don’t belong as in with the bank and auto bailouts. When a company’s behavior is clearly anti-competitive and harmful to consumers that’s the only time the Feds should interfere with market forces.


Lavabit Founder Has Fewer Rights than an Accused Murderer

This is awful. The gag order is so severe that he can’t even discuss parts of his situation with his attorney. Even an accused murderer has the right to speak privately with counsel.


Apple MacPad?

I was reading this review of the 11″ MacBook Air on AnandTech today and came to the realization that Apple could now easily create an OS X/iOS hybrid system, call it the MacPad, and dominate the tablet/PC market for the foreseeable future.

The new Intel Haswell based chips give the 11″ MacBook Air 8 – 10 hours of battery life. This surpasses the latest iPad by at least an hour. Add to this the fact that the two devices are nearly identical in size and you have a recipe for the best tablet/pc hybrid on the market.

Apple has the design expertise to remove the keyboard and lower the weight to where it can possibly match the iPad. Or, make a dockable keyboard that doesn’t look clunky like it does on so many Windows 8 hybrid PCs. I think a MacPad with no keyboard would be the genius move. I’ve seen so many people carry around that tiny little Apple bluetooth keyboard with their iPads in airports and hotels that it can’t be much of a stretch for them to do this with a MacPad.

If I were to do a MacPad I would have iOS run as an application or have an iOS emulator that can run all the iOS apps that people use today. Then users can keep their iOS apps running in a window while also using OS X for actual computing.

I don’t use Macs or iPads (although I have used them) because I don’t like to be trapped in the Apple ecosystem. I am also not fond of the UI on Macs or iPads. I did buy a Surface Pro in the hopes that Microsoft would get this right and I can tell you that I’m not at all happy with their implementation of the tablet/PC hybrid concept. Seems there are a lot of people that didn’t like Microsoft’s concept either given the company had a $900 million write-off due to the Surface’s, in both the RT and Pro forms, lack of popularity.

It would be just like Apple to push out a tablet/PC hybrid after Microsoft and their followers and have it take off like a rocket. This would have the potential to put the nails in the coffin of any Windows 8 RT or Windows 8 Pro system. For the love of God Microsoft please get it together.