Add multiple tags to a Youtube video from a tag list

If you have a Youtube channel with a lot of similar content, chances are you also re-use the same tags a lot. If you don’t feel like typing them in separately every time you post a video, this trick might help you: You can copy paste a list of tags from a text file, as long as you separate the tags with commas.

Here is an example of how a tag list might look like:

Crime And Punishment (Book),Literature (Media Genre),Fyodor Dostoyevsky (Author),Audiobook,English (language),Radio,Dostoyevsky

Simply copy paste a list like that in to the tag-area in Youtube, and you are done!

Posted in Uncategorized

The Password Problem

We humans have become pretty good at physical security. It’s not very easy to rob a money transfer vehicle or a bank and actually get away with it. It seems unlikely that even the boldest terrorist would attempt to physically break into high security locations like Pentagon or Fort Knox.

Digital security however is a whole different matter. During the last few years we have gotten used to news about many of the largest companies in the world like Yahoo, Adobe, Twitter, Facebook, Nintendo and Apple getting hacked [1]. A big part of the problem with digital security is that our systems still rely heavily on passwords for authentication. Passwords are challenging for several reasons.

The amount of passwords
First of all, we need so many of them. According to Techradar 25 to 34 year old web users actively use 40 different online accounts on average. [2] We are told that each one of our accounts should have a unique password, so that if and when one of them gets hacked, the hackers don’t get access to all of our accounts. Remembering 40 unique username-password combinations is not very easy to do for most of us.

The complexity of passwords 
The passwords we choose should be long, random and complex. This is because in a typical hack the attacker gets access to the databases in which usernames and passwords are stored. Luckily most (but not all) system administrators are wise enough to store passwords in encrypted formats, so that the attacker has to crack them first in a process called brute-forcing. This is where the length and complexity of your passwords really comes into play.

The very first thing the hacker will attempt is a so called dictionary attack, in which a dictionary of common words and passphrases is tested for the password. [3] If your password is included in the dictionary, it will be cracked in less than a second. Howsecureismypassword.net estimates the time it would take for a desktop PC to brute-force different passwords. [4] I started the test with with a very common word “Michael” which of course would be cracked instantly. Adding the number one after it (Michael1) still puts it in the top 1000 of most common passwords, which means it’s probably found in every password dictionary. Interestingly adding the number three (Michael3) makes brute-forcing it last 15 hours, which while still being quite weak, is already a significant improvement. Below is a chart of other variations and their brute-forcing times:

 

Image: Brute-force attack times for a desktop PC for different passwords based on Howsecureismypassword.net results.

The charts demonstrate how important password complexity and length is. By adding special characters like exclamation marks and asterisks to our password, we can improve its strength significantly. By simply adding the letter “d” a few times to the end the word “password” it changes from the worst password in the world to a password that takes days to crack.

What’s good enough?
What is a safe enough time estimation to aim for then? We should remember two things: many hackers have access to botnets that comprise of thousands of computers and secondly computers are improving at an exponential rate according to Moore’s law. [5] Considering this I wouldn’t recommend settling for anything less than hundreds of thousands of years, of course also depending on the importance of the account you are protecting.

Another challenge with passwords is that no matter how good your password is, it is still very vulnerable to two things: phishing and keylogging.

Phishing
Phishing is a process in which a malicious actor masquerades as a legitimate entity in order to have you send your private information to them [6]. To give you an example from my own experience, I once received a genuine looking email from Paypal telling me that I need to log-in to my Paypal account in order to confirm my address. I was suspicious but decided to see what happens if I click on the link. It took me to a website that had the exact same design as Paypal and it asked for my username and password. I entered a completely made up username and a random password and clicked on the login button. The website pretended that it accepted my login information and took me to a page that looked like the usual Paypal interface! You can probably guess what would have happened if I had entered my real Paypal login: this phishing website would have gathered my login information and used it to enter my Paypal account in an attempt to steal my funds.

Keylogging
Keylogging is even worse than phishing: a hacker is able to install a small program on your computer without you noticing which then captures every keystroke you type and sends the text to the hacker in a discreet manner. This way the attacker can learn all the usernames and passwords that you use while the keylogger is active. In a 2010 report, 48% of inspected 22 million computers were found to have malware in them [7] and according to Australian Computer Emergency Response Team (ausCert) 80 percent of all keyloggers are not detectable by antivirus software. In other words this threat is very real and makes relying on passwords for security quite scary.

What can we do?
What can be done to improve the situation? To fight phishing attempts, you should always double check the URLs of the websites you visit. I also recommend using tools like Web Of Trust (https://www.mywot.com/) that will show you community based scores for the websites you visit. If you are about to enter a shady website, you will get a warning. You should never ever click on links you receive in email, unless you are absolutely sure about the sender. Remember that changing the sender-address is a quite trivial thing to do. If a service that you are using asks you to visit their site, it’s better to manually type in the address or google it to make sure you are taken to the right website.

Defending against keylogging is much more difficult, because these type of infections can be hard to detect. Naturally you should have an up-to-date virus scanner and you should be performing scans regularly, but that doesn’t really guarantee anything. One of the most efficient defenses against keylogging attacks is two factor authentication. It means that you use not only your password to log in to a service but also a code sent to (or generated by) another device, typically your mobile phone. Many of the big web companies like Google and Yahoo offer two factor authentication these days and I really recommend it for greatly improved safety. To perform a successful attack, the hacker would need to have control of both your computer and your phone, which is quite unlikely.

Password managers
To help remember all your unique passwords you can use a password manager like Roboform or KeePass, but those are kind of double edged swords. On the other hand they make life quite convenient by keeping track of all your passwords, but they also create a single point of failure: If the attacker learns the master password that protects your password manager, then suddenly they have access to all your online accounts all at once. I personally have Roboform installed, but only on my workstation that I keep “sterile” which means it never touches the internet. At the moment I have 980 different user accounts saved in those files and I would never be able to remember all those logins without Roboform.

Coming up with a system
If you do not have an offline computer to store your passwords safely, I recommend creating a system that allows your passwords to be unique, long and yet easy to remember. Let me give you an example. You could create a single random password to memorize, let’s say “XyZ##!Smilie: :)Smilie: :P” and make it unique by adding the letters two and three from the service you are using it for to the end of the password. So your Facebook password would be “XyZ##!Smilie: :)Smilie: :Pac”. Even better, you could do something like adding the first letter from the top-level domain (like .com .org or .fi) in all caps at the end to hide your pattern a bit more. So Facebook password would become XyZ##!Smilie: :)Smilie: :PacC and that one would take 111 million years to crack. In my view this would provide good enough security for you non-critical online accounts. Your main email account and other highly important accounts should probably still have completely unique passwords (and thus not use a system like this).

Speculation about the future
What might the future of online security have in store for us? Many used to believe in biometric identification methods such as fingerprint- and eye scanners. The problem with these solutions is that just like passwords, malicious actors can use clever ways to obtain copies of this information in order to falsely prove their identity. Fingerprints might in some cases be even easier to obtain than passwords, as we leave copies of them pretty much everywhere. Unlike your password, you can’t really change your fingerprints if you fear a hacker has managed to get a copy of them, which in my opinion makes it an awful system for security. My prediction is that in future we authenticate with combinations of something we have (perhaps a smart watch or a ring) and something we know (a simple password), but hopefully the systems also analyzes our typical behavior and adjusts the requirements based on our behavioral patterns. For example, the login-system should demand higher degrees of verification if the login attempt is made from an unknown computer at an unfamiliar location. Many two factor authentication systems already allow you to mark commonly used computers as safe, removing the need to do a full two factor sign-in on those. Of course I am hopeful that all the smart security engineers will come up with something even better than I’m able to predict.

Many companies are already working hard to solve this problem and there are big incentives for a solution. According to popularmechanics.com the National Institute of Standards and Technology is offering a 10 million dollar reward for coming up with an alternative to passwords. Even Ford is working on a system that would automatically log you in based on the proximity of your smart phone. [8] The ones who can finally solve the password problem by coming up with more convenient and secure authentication methods will surely be applauded by internet users around the world.

Sources:

[1]
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 

[2]
http://www.techradar.com/news/internet/online-fraud-too-many-accounts-too-few-passwords-1089283

[3]
http://searchsecurity.techtarget.com/definition/dictionary-attack[4]https://howsecureismypassword.net/ 

[5]
http://en.wikipedia.org/wiki/Moore’s_law[6]http://en.wikipedia.org/wiki/Phishing 

[7]
http://www.zdnet.com/blog/security/report-48-of-22-million-scanned-computers-infected-with-malware/5365

[8]
http://www.popularmechanics.com/technology/how-to/computer-security/solving-the-password-problem-14993917-2

Posted in Uncategorized

If I delete a comment on Youtube will the commenter get notified?

Hi!

I was trying to find an answer for this question online but there didn’t seem to be any good results, so I’ll ask it here:

If someone has posted an offensive comment on my Youtube channel and I go ahead and delete it, will the writer of that comment get a notification that the comment has been removed?

EDIT:

I did some research with my wife’s help. She logged in from her account and posted a comment on one of my videos. I later deleted that comment and here’s what happened: Not only did my wife NOT receive any message that this comment was deleted, she actually still sees the comment there when she is logged in! Only when she logs out can she see that the comment is gone. So the answer seems to be that Youtube does it’s best to HIDE the fact that your comment was deleted from a channel. Which I believe is a good thing.

Posted in Uncategorized

Copy-paste website

If you are like me, you are constantly throwing basic html-code together for new websites.

Now there is a fresh website that wants to speed up that process by offering you a clean and simple html-file from which you can quickly copy all your basic html markup. There are also ready-made root folders available for download.

Check out the copy-paste website at copypastewebsite.com!

Posted in Uncategorized

Can i use bing keyword research without adding any Microsoft code

Hi!

People all over the web have been posting positive things about Bing’s keyword research tool. I too became curious enough and wanted to take a look, especially since I’m not super fond on the new Keyword planner tool from Google that has replaced the search volume estimator. My main purpose for this tool would be to check out potential domain names based on the organic search volumes of certain keywords. In other words I would like to see search volumes for certain terms in order to make smart decisions when choosing my domain names.

So I logged in with my old hotmail account (and no, I’m not using that for anything these days) and tried to find the keyword research tool from the interface. After looking around for five minutes I had to give up. I got the impression that I need to maybe first add some of my websites to the service. And to do that I would have to integrate Microsoft tracking code to my website. If that’s whats needed in order to use the keyword research tool then that’s a deal breaker for me. Microsoft as a company has such a terrible history of ruthless behavior that I’m not comfortable in adding any code from them to my websites. I don’t feel great about using Google Analytics either, but Google has been much nicer as a company so far. Well maybe except that nasty NSA episode which really dropped some points from Google in my eyes.

Anyway, long story short: it appears to me that I can’t access the keyword research tool of Bing without adding Microsoft code to at least one of my websites. Please correct me if I’m wrong!

Posted in Uncategorized

What are the visits from Google analytics campaign source

I have recently seen big increases in the traffic to this blog. Many of those visits are classified under “campaigns” in the Google analytics traffic sources -view.

The analytics manual says:
“Campaign is the name of the referring AdWords campaign or a custom campaign that you have created.”

The strange thing is I don’t have any adwords campaigns to my blog! Nor any other campaigns that I have created.

These visits are usually targeting very current subjects. Could these campaigns be something Google is doing on their own to drive traffic to my site?

EDIT: If I dig in deeper, I see “rss/rss” inside the campaign. So this traffic must have something to do with the rss-features of WordPress.

Posted in Uncategorized

Youtube no analytics data for days now

Has anyone else experienced a huge lag in youtube analytics data? The day will switch to October 7th in just 2 hours but Youtube analytics is still stuck in showing data only until October 2nd! That’s a gap of five days. Yet I haven’t seen any official reports that Youtube would be experiencing trouble with their analytics system. Being five days in the dark is a long time for a company trying to do business with the help of Youtube.

Posted in Uncategorized

Example of Box2dWeb and Ivank simplified

Hi!

I was having a hard time understanding the Box2d demo that Ivank.js has on it’s webpage. So I went through the code line by line and added comments. I also removed the function that creates several objects and have now just a single ball in the scene to make it easier to understand. Here is the modified code in case it helps someone else trying to integrate Ivank graphics to the javascript ports of Box2D.

I also made a zip-package that includes also the graphics I used in my test. You can download the package here:

Box2DWeb+Ivank simple example

Here is the code from index.html:

Posted in Uncategorized

Seoanalysis .com spamming analytics data

I was happy to notice today that several of my smaller websites had traffic spikes in fridays analytics data. A deeper dig into the data revealed that most of those spikes were created by spam visits from seoanalysis .com. I hope that Google will take notice of this analytics data spam and drop their rankings. I wish people would try to succeed on their own merits, not by spamming and using questionable marketing tactics.

Posted in Uncategorized

Time as the ultimate observer

I have been studying and thinking about quantum mechanics during the last days.

As I was walking in the park today I started imagining different possible events that could take place in there.

There were so many possibilities and unknowns that this became a “sea of possibilities”. It was almost like my near future was in a superposition.

So I started thinking, that there was only one thing that would reveal the actual events that really would end up taking place in that park. Time itself. Almost as if time was acting as the observer, forcing superposition particles to settle to a single position.

Doesn’t this make time the great observer?

Posted in Uncategorized