First, insecurity.

It's a commonly accepted idea that a good password is a strong mix of numbers and letters, with mixed-capitalization and at least one ASCII character, somewhere between eight and twelve characters in total. There's a wealth of password-creation software out there (my favorite being the password-creation framework built in to OS X) that will happily churn out a strong password like "9[sQuk_pr1". That's a strong password, and one that isn't going to be easily cracked by a standard dictionary-based automated password attack. It's also horrible to try and remember, which is why very few people in the actual real world use passwords that look like that. We're a deeply-contextual species, and not designed to commit that kind of thing to memory — we do better with something like "[Q]u1rks_9" which at least resembles a word that we can mnemonically process, and is also a strong password that wouldn't be easily cracked.

So, fair enough. We have our strong password. Now the thing to do is to remember that you'll need to use a strong password for each email account, secured website, service (such as twitter, dropbox) and file server. Oh, and preferably you'll have unique passwords for each of those email accounts, secured websites, services and servers. It could be two or three, or it could be a couple of dozen. Good luck. It's no wonder, then, that most people reuse the same password in several places, or at least recycle the same two or three passwords for each thing that they touch. Taken on an even basis, it's not a terribly bad idea — after all, if you've come up with one strong credential, it should be good for everywhere, right?

Wrong. This story from last year highlighted what can happen when you use the same password everywhere. Mat Honan managed to get a lot of his digital life put back together, but for every high-profile journalist who suffers this kind of inconvenience, there are probably dozens (if not hundreds) who don't. Professionally, I've seen email account passwords tried (successfully) against file servers, and in one case against an online bank account.

Using the same password everywhere — even a strong password — does not keep you safe.

Second — Obscurity.

One way of getting around the insecurity problem is to offload the task of curating your passwords. The human mind is a fragile, fallible thing, so why put all your eggs in that particular basket? A better option is to keep a central password repository that you can access when needed. There are a good number of ways of going about that, from software solutions like 1Password, Wallet, or the built-in Apple Keychain Access utility to a list of passwords in a word-processing document, and points in-between. Those are reasonable solutions, and allow you to assign long, complex passwords for each service or site, without having to worry about whether they're something you remember. The program or document remembers them for you, and with all of the options I mentioned, you can protect the list with some kind of encryption in the program or document (and, extrapolating back, more encryption if you use something like FileVault to encrypt your hard drive). So, what can go wrong with having all your passwords saved on your computer?

Well, the answer is right there in that last sentence. The passwords live on your computer, and computers (like people) are not infallible. They require electricity, passwords of their own, physical access, and speaking of that, they're prone to damage and theft. They're also inconvenient, which is why it's not uncommon for users to jot those passwords they most commonly use down on a piece of paper, or put them in an address book, and before you know it you're writing your password on a sticky note and putting it on your monitor. That has never been a good idea; it didn't work for the school authorities in the Matthew Broderick's 1983 seminal classic "WarGames", and it doesn't work now.

Thirdly — Trust

Trust and security are a contradictory set of ideas. You can't have one without the other, and while a computer has no problem trusting another computer, it's rare for people to have other people that they can trust. Now, that may seem unnecessarily cynical, but ask yourself this; can you absolutely, one hundred percent, with no trace or shadow of a doubt definitively state that you completely trust, say, your significant other not to take a peek at your email? Possibly some of you can, but I have a crisp, pressed dollar bill that says that most people would have to answer in the negative on that one. It's not an uncommon problem — we see a lot of offices where subordinates know where their bosses keep their passwords (and will happily volunteer that information), and a lot of homes where the kids figure out their parents' passwords in order to circumvent what they see as draconian restrictions. It's seldom malicious, but people are fallible.

So, where does that leave us? Well, it leaves us with passwords we need to keep secure, but can't write down, put on a computer, remember, or trust anyone else to have access to. It's a dilemma, but not an insurmountable one. There are, I'm sure, finer minds than mine that have figured ways around this problem, but this is my blog, and folks ask me for advice, so here's my fix: instead of remembering a password, remember a process.

Let me explain. A good, strong password incorporates all the things I mentioned earlier — a mix of capitalization, integers, characters and so forth. It should also be unique, which is very annoying. My fix is to contextualize each password with the service I'm using it with. As "WarGames" was an excellent movie, let's use the password that Matthew Broderick stole from the school secretary to enable his grade-fixing shenanigans: "Pencil1".

First, let's mix that up a little. "Pencil1" is a mixture of a dictionary word and an integer, and isn't even remotely secure, so let's turn that into "P3nc1l_1" — replacing the vowels with numbers is pretty elementary, but hits the right mnemonic triggers to keep the word memorable.

Next, let's think about what we're using the password for. Let's say it's Twitter. By cutting in alternate letters of the the name of the domain with the password, we turn "P3nc1l_1" into "Pt3wnict1tle_r1". Likewise, using the password with iCloud turns it into "Pi3cnlco1uld_1" — both those examples are extremely strong passwords. Better yet, you can create usernames for each domain that follow the same process, so your iCloud username could change from "mbroderick" to "mibcrlooduedrick".

The token/password combination technique I've outlined here isn't flawless. It's a pain to piece together in the most part, but it's also something that you can recreate mentally in a few seconds with a little practice — it's a simple technique for password-protecting your password.

Pretty much every pundit, correspondent or blogger has already chimed in already about the life and times of Steve Jobs, so after a year, there's really nothing left to say about the man. We've heard about his personal and professional woes and triumphs, even if only through an endless parade of third parties — Jobs didn't have a lot to say about his personal life, and that's fine — Walter Isaacson's biography did all the talking for him. It's an excellent read — it lays out the hours, minutes, peaks and lulls of a life with the sort of restrained reverence that you might expect of a eulogy, which turned out to be an appropriate tone; a discreet post-mortem of a character, but not without compassion. It's an interesting read, and one of the most interesting things about it has been it's collateral effect; if the book was a faithful reflection of the man, then the most remarkable thing about it has been how an awful lot of people have seized on those reflections and tried to mold themselves to fit what they saw in him.

It's a tempting idea. For better or worse, Steve Jobs ended up on a pedestal, and now he's gone there's really nobody with a will or a way to bring him down. If anything, death made him even more of an icon; the platonic ideal of the brilliant innovator, the man who knows the next big thing before it hits, and who can read a market like he's the only guy with a roadmap to the future. One of the last great originals — who wouldn't want to be that guy, or at least absorb a little bit of that charisma?

People have tried, and (of course) it doesn't really work out. Common sense dictates that you can't just put on a black turtleneck and believe that an appreciation for good design trumps all other considerations, and in the same vein you can't just decide that you're now an obsessive perfectionist, tortured by your own inability to comprehend a worldview exclusive of your own importance. Well, maybe somebody can, but pretty much everyone I know is stuck with the same limited range of being sad, happy, angry, ashamed, surprised, hungry, or sleepy. No amount of deliberate or subconscious desire can turn you into someone else — and thinking about what you have to lose in order to get to that place should at the very least encourage caution, and in a way, that's what the story of Steve Jobs really is; a cautionary tale.

For all that, there's something truly, actually inspirational about January 24th, 1984. If you're in the business of trying to take a useful lesson from Steve Jobs, then that's the time and place to think about. Before the iPad, iPhone, iPod, the return to Apple, the years at Pixar and NEXT, the ouster by Sculley and the board — right back at the beginning of the dawn of modern desktop computing, you can look back to 1984 and there he is; a twenty-eight year old man wearing a suit with a ridiculous green bow tie, far too excited to be uncomfortable. Next to him on the stage is a table, holding nothing but a large bag. In less than a minute, he'll open the bag, reach in and in a very tangible sense, change the world.

For a moment he just looks up from his notes, and grins at the audience, and with just that one look of pure, unadulterated honest glee, you're hooked. You know that whatever is in that bag is bound to be pretty amazing, simply because you can tell that he genuinely, absolutely believes that it is without hesitation or reservation. That, I suppose, is the actual lesson that anyone can take from Steve Jobs, simply because it's a lesson that anyone can actually take; the only way to be truly great at something is to find something that you believe in passionately, and be passionate about it.

Still, I'm not writing today in my capacity as greying curmudgeon — instead I'm writing in my capacity as tireless promoter of Lavu Local? Have you seen it? No? Well you should! See, that was easy.

What is Lavu Local? Well, that's actually not too hard to answer. POSLavu is an amazing POS system for iOS that uses The Cloud (which is what we're all supposed to call the internet these days) as a means to synchronize data and print jobs between wait staff, kitchen staff, and management. It works just fine in and of itself, but there are a couple of innate problems with this approach in the form of network bottlenecks.

If you're part way through the day and some enterprising soul down the road decides to put a shovel through the cable that connects you to the internet, then all of a sudden your POSLavu setup goes dark. Without an internet connection, the iPads/iPhones your wait staff are carrying around can no longer communicate to send orders to print, and if you're using the integrated merchant setup, you can't take credit card payments either. Likewise, if the servers over at Rackspace (where Lavu does it's hosting) go down, you're equally inconvenienced/screwed.

Neither of these things, it bears pointing out, are Lavu's fault. The system they've built is extraordinarily well-designed, and these failings are very much out of their domain. However, it is a potential problem, so they've come up with a rather good fix: why not host your own POSLavu server?

In a nutshell, that's what LavuLocal is. It's a complete backend to POSLavu that sits on your local network, handling print and order transactions, then synchronizing up to Lavu's servers every few minutes. If your internet connection goes down (or there's an outage on the other end), the synchronization quietly fails, and business continues as usual until the connection is restored. At that point, any changes are synchronized, and life continues apace.

The beauty of this is that it's just good design in that it gets out of your way. There are some tangential costs (chiefly purchasing a Mac to run it on — they claim that it's designed to run on a Mac Mini, but really any Mac will do), some setup expense, but once it's in place, it's an enormous safety net that could very quickly save thousands of dollars in potentially lost revenue.

Currently, it's a zero-cost upgrade at the Platinum level of license, and at the other two license levels requires an increased monthly hosting cost. If you're in the market for a POS with pretty much bullet-proof reliability, it's a great deal.

This is utterly brilliant. I want one now, dammit.

Right now, as it stands, the "Viruses" out their for the Mac are all of the Trojan Horse variety. Which means, that at some point along the way, you allowed the danger through your gates. In short, you did something unwise. You downloaded a plug-in from some random web page, or you did something really dumb and installed a bootleg copy of some software you got of a "sharing" site. Which brings us to the sad truth. No matter how good your Ati-Virus Software may be, it can't keep you from doing dumb stuff.

So where does that leave us. Well, I think the thing you need most (right now), is diligence. Be conscience of what your pulling off the internet. If your a business and you deal with lot of document from random places, yes, get some Anti-Vitrus. Especially if you deal with lots of Word Documents. But what about the rest of us, what do we do. Well, this is where Apple's apparent inactivity is not what it appraise.

Not sure how many of you downloaded and installed the public preview of Mountain Lion, but Apple has a new security feature in 10.8 called Gatekeeper. This is a very cool addition to the already superb Adaptive Firewall. What is this Gatekeeper thing and how does it work?

Well, this is one of those times where having one guy (or Company) in charge of the whole shebang is a good thing. I'll explain.

Lots of people complain about Apple and their heavy-hand approach to iOS apps and the App Store. They want to be able to add any app they see fit to use (which is the current state of the Mac OS). This sound like a good thing (it's my phone and can use it any way I want), but lets take a deeper look at that strategy. Apple is makes some big promises with iOS devises. They say thing like "it just works". Well, the reason they can say that, is all apps must go through the Apple Developer Program and all that comes with it. Like testing the app to make sure it wont crash the phone. To insurer the app is as advertised. Insuring that "it just works", and that you have a constant user experience across all apps and devices. Also, it has the added benefit of keeping out Viruses. Any cases of infected iPhones yet? And why not? Because Apple knows you are how you say you are when you build an iOS app.

Gatekeeper is an extension of the same idea. You can trust all the apps you get from the Mac App Store precisely because Apple uses it's iron fist to keep the bad guys beyond the gates. With Gatekeeper, Apple can extend the reach gates far beyond the Mac Apps Store. And this new expandable gate comes in the form of a Apple issued Developer ID. App makes can then use this ID to sign their app, and then Gatekeeper verifies that ID against Apple database. Just like an SSL Certificate is used when you login to your back, Gatekeeper is kind of third party verification that will keep your Mac Virus and Trojan free.

And get this, it's a radio button.

So, as you can see, Apple is give you three options. You want to be a tyrant, OK, Mac App Store only. Or, you can rely on your own savvy internet danger detect skills, it's up to you. So remember this next time you want that cool jailbreak only app, or that "free" copy of Photoshop online, you have no idea what might be lurking inside the packages you are going to install. Flash is a legitimate application created by a trusted Developer. But someone altered it. Whit the advent of Gatekeeper and the Developer ID, if some tampers with the app or the installer, it wont install. The ID acts like a disk image checksum, and if there is a difference in what you have and what was registered. Well, the big soulless corporation and their iron fist just saved you bacon.

iOS Multitasking from Fraser Speirs on Vimeo.