Irrationally Increasing the Load

Laser Printers

Many years ago, I was in an IT group that purchased dozens of Hewlett-Packard LaserJet II printers for internal use.  The problem was that the printers were designed for a maximum of 3000 pages a month and we were using them to generate 2000 pages a day.  They overheated so badly that the rollers inside were melting.  Management was complaining about shoddy workmanship by Hewlett Packard and the partially melted rollers were causing black streaks on the paper.  To get this throughput, we were using third party page feeders that would hold one thousand pieces of paper instead of the standard 100 page trays.  (HP informed us that any use of these giant page feeders voided all warranties and service contracts.)


Expecting a printer designed for 3000 pages a month to be able to produce 60,000 pages a month was not reasonable or rational.  It certainly wasn’t a sign of shoddy workmanship on the part of Hewlett-Packard.  There was a larger model (LaserJet 2000) that would handle the load, but management didn’t want to spend the money.  Given that the LaserJet 2000 had 2.5 times the speed and would have had much lower maintenance costs, it probably would have been better to buy the faster printers at the higher price.

Since the printers were producing more than an order of magnitude over what they were designed for, complaining about the workmanship was hardly rational, but it did provide a means for management to argue why they weren’t at fault.




Just Get It For Me

The Request

Many years ago, I had a manager who was unhappy with the number of facsimile messages he could send and receive each day.  He therefore instructed me to obtain a facsimile machine that was four times as fast.  Unfortunately the rate of receiving and transmitting facsimile messages was set by an international standard.  Limited increases in speed were possible, but the data was transmitted at the speed of the slower machine.

This meant that I couldn’t get a machine that would reliably send and receive pages at four times the rate.  However, I could place four facsimile machines on the same telephone number.  This meant that they could all be sending or receiving messages at the same time, enabling us to process four times as many messages in a single day.


I was told that I had a lousy attitude.  I should simply go and order what he wanted, and he didn’t want to hear any complaints.  The fact that what he wanted was unavailable was irrelevant.  The result was that he didn’t get either the electronic device or the business capability he desired.  (However, I could have easily supplied him with the desired capability.)

Saying what you need to be able to do is reasonable and logical.  Refusing to listen to the other person about how that need can be satisfied is not reasonable.  If he didn’t have the knowledge and skills to satisfy that need, why are you going to him?


Myers-Brigg Classifications

Logical Thinking and Gut Feeling

The Myers Briggs Type Indicator (MTBI) was designed to indicate the personality type of an individual. One of the ways of expressing the personality was Thinking (T) versus Feeling (F). In this case, “thinking” referred to making decisions with dispassionate logic as opposed to your gut feeling.

The company I was at decided to give everyone the Myers-Briggs test and then discuss the results. The department head was very unhappy because he felt he was a totally rational decision maker but the test indicated that he was going by his gut. Despite the fact that all of the other managers agreed with the result, his opinion was unchanged and he even implied that the other managers were lying to him. (By the way, I felt that the test result was accurate.)


  • If you are a “feeling” type and know that you are “feeling” when getting your ideas, you will probably still realize that you have to analyze the results to make sure that it is a good decision.
  • If you are a “thinking” type and know that you are a “thinking” type, you are going to come up with options based on logic.  One of the points to consider logically is to consider how the decision will be viewed by others.
  • If you are a “feeling” type and believe that you are a “thinking” type, you won’t see a reason to evaluate your decision logically.  The fact that you are misreading your own personality means that you aren’t that good at evaluating things, like the difference between emotional and logical arguments.  It also makes it difficult to understand the objections raised by others.

If you don’t understand your own thought processes, you will come up with very bad decisions.  If you don’t see a need to examine ideas logically (The conceit that “I am a genius.  My opinion must be correct.”), the chances for success shrink further.


Tales From the Irrational

Rational vs Emotional

If you look at the various Star Trek television series, you will find that many of them have a character whose primary attribute is being logical and unemotional: Spock on the original series, Data on The Next Generation, Seven of Nine on Voyager, Odo on Deep Space Nine, and T’Pol on Enterprise. In addition to a number of science fiction characters, many detectives in mystery novels, such as Sherlock Holmes and Hercule Poirot, would also seem to fit this archetype.

However, if you look at these characters in their respective stories, you will also see that they have a character who is a mirror image in many ways: more emotional and less logical. For Sherlock Holmes, there was Dr. Watson, while Spock had Dr. McCoy as his verbal sparring partner. The extremely logical characters often appeared slightly inhuman and perhaps a little bit ridiculous. However, they are also the ones who keep the spaceships running, solve the crimes, keep the city infrastructure running, etc. They are often viewed as humorless, but they definitely have a sense of humor, what I call engineering humor.

Their main source of humor is the illogical people they work for. I can assure you that the engineers find the non-engineers hilarious but a little scary. To demonstrate this, I am going to provide a number of scenarios, and you can decide which side seems more like you and which side you would like to resemble. (This may be a spoiler, but I prefer the rational people.)

Classic Example

The classic example of irrational thinking is a old joke about a man who was searching under a lamp post outside a bar.  A policeman walking by asked if he needed any assistance.  Upon learning that the man was looking for his wallet, the policeman asked when he had last seen the wallet and was told that he had last seen it inside the bar.

When the policeman asked why he wasn’t looking for it inside the bar, he was told “The light is much better out here”.

I think that most people would agree that it would have been more rational to search inside the bar, perhaps after asking to borrow a flashlight so that he could see better.  Before laughing at him too much, you might want to review your actions lest you resemble him.  The stories here will helpfully help you in your goal for rational and successful thinking.  (Irrational thinking is rarely successful.)


Auditing Access Attempts

In order to secure your web site, it is necessary to examine requests so that you can detect, report, and respond to attacks on the web site.

Persistent Data

In order to have a secure web site, it is necessary to store the information required for analysis.  Some of the information that will need to be stored for each account are the following pieces.

  • Account name and password
  • Flags indicating the current status of the account, including any red flags raised in the security audit. If access to the account is restricted to specific IP addresses, it will also contain a list of the authorized addresses.
  • Information on each logon attempt, both successful and unsuccessful.  In addition to date and time, this would also contain information on the IP address and port used to send the request, and the result of any validity tests applied to the logon request.

Password Requirements

The first step in planning is to determine the requirements for selecting passwords.  This would include the minimum and maximum lengths, and the characters that can be used in creating the password.  Some systems apply other considerations such as requiring both upper and lower case letters, numeric digits, and punctuation marks.  You have to consider usability, ease of memorization, and difficulty of guessing in determining your rules.

You should also consider creating a list of character strings that can’t be used as passwords, starting with a list of the most commonly used passwords (secret, password, 123456, qwerty, letmein, etc.)   For this purpose, case-insensitive comparisons should be used for rejecting the password, although case-sensitive comparisons will be used for testing whether the password is correct.  You should also reject the password if it is simply followed by a single digit or uses letter number substitutions (LEET speak).  Having “password” on the list should also reject “Password”, “Pa55w0rd”, “PASSWORD1”, “PA55word”, etc.  The reason is only partly to get people to use better passwords.  If you prohibit these passwords, any person using them has a relatively high probability of being an attacker.

Account Restrictions

You may want to have some restrictions on accounts, especially those with administrative privileges.  Some of these restrictions could include the following for specific accounts.

  • Restricting the IP addresses that can be used to access the account.  If a black list can be created of the IP addresses that have been known to launch attacks, the accounts could be set to reject access attempts from these attempts.
  • Require two-factor authentication on some accounts.
  • Some systems have additional information to identify systems that can be used to log on to the account.  This could include cookies, IP addresses, or information maintained by the browser, such as type of browser and operating system.  Adding new systems to the list would require additional confirmation from the user.

Concurrent Analysis

These are the tests that are applied to the request while it is being processed.

  • Since many of the vulnerabilities in web software is based on sending malformed requests, the first step would be to validate the format of the logon request.  If the request is invalid, it is best to return a 500 (Server Internal Error) rather than a 400 (Bad Request) since this gives the least information to an attacker but is still relevant to the problem.
  • The next step would be to make sure that the account name is valid.  If it isn’t, the account name used would be stored in the log of logon requests.  However, the password field in the log would be left blank, although the use of a forbidden password would be noted in the log.  The response to the requestor would be 401 (Unauthorized).
  • If the password is on the forbidden list described above, you should reject the attempt, returning a 401 (Unauthorized) response.
  • At this point, you can test whether the request is coming from a blacklisted IP address.  (The blacklist will be created from the retrospective analysis described in the next section.)  The 401 (Unauthorized) response is often used for blacklisted addresses, but different system administrators have different opinions about which response to use.
  • You can then test if the password supplied in the request matches the one stored in the database.  If it doesn’t, you will return 401 (Unauthorized) response, but also lock out the account for a period of time.  The subsequent requests with the wrong passwords will have gradually increasing time spans, such as 1, 2, 5, 90, and 300 seconds with attempts after the second returning a 500 (Server Internal Error) message with a text stating that the user should try again later.  After the longest lock period (300 seconds in this case) has passed, you can reset the lock out period to the smallest value.

At this point, the user has passed the tests for logging on to the system, and he can gain access.

Retrospective Analysis

Retrospective analyses are carried out by examining the logs for entries over an interval of time.  When attackers try to learn the account names and passwords on a system, they generally use one of two approaches.

  • Go for a specific user and learn all you can about him.  Use that information to guess his password.
  • Obtain a list of account names.  This may involve looking at bulletin boards and e-mails.  You will then try a list of the most common passwords against each of the accounts.  This is known as “account spraying”.  If you only try each account once a week, the chance of being detected is greatly reduced.
  • In “phishing” attacks, you obtain a list of e-mail addresses and send e-mails to each of them.  The e-mails may either contain attachments with malicious payloads or instructions on how to access web sites that contain pages that will corrupt your system.

Account spraying will result in a number of IP addresses having many unsuccessful logon attempts, and few, if any successful attempts. Similar patterns will be found with other types of attacks as well. In addition, it is possible to determine information about an attacker from the IP address. (The amount of information that can be obtained varies according to IP address. If you find a hundred successful logons from the eastern United States, and one successful attempt from Kazakhstan, it would be reasonable to make further inquiries into the person logging in from Kazakhstan.

Additional topics

The following are some additional topics to be discussed in future posts.

  • This is not artificial intelligence.  In fact, the concept of artificial intelligence is so poorly defined that people using the term are usually trying to mislead you or using hyperbole as a sales gimmick.
  • It is possible to identify systems by IP address, cookies, or other means.  If a login attempt is attempted from a new system, you may want to force the user to confirm his identity.  Confirmation may also be desired if a long period of time has elapsed since that system was last used.
  • Confirmation of identity can be carried out by a number of means such as two factor authorization and security questions.
  • You should confirm information when the account is created.  This applies especially to telephone numbers and e-mail addresses.
  • You need to have a policy regarding appropriate actions when penetration of the system is suspected.
  • You need to have a policy describing the actions when a user requests that his password be changed.


  • Security is not always convenient.  During the American Revolutionary War, the British garrison at Fort Ticonderoga left a gate open to make things easier for the cooks and washerwomen to get water and for the guards who would otherwise have to open and secure the gates at frequent intervals.  It did not go well, as the fort was captured before its commander was aware of the attack.
  • If you want to be secure, you will have to make an effort to detect and respond to unauthorized attempts to log on.  Otherwise you are simply leaving the gate open for attacks.
  • Furthermore, being told by your subordinates that the system is secure and you trusted them is not an argument that will go over well with the people you work for.




Paranoid’s Guide to Server Administration


Given the number of recent breaches in web sites, managers want to improve security. However, a manager ordering that all security problems be eliminated from a web site will have no more effect than King Canute ordering the rising tide to halt. You have to assume that things will break and then make sure that there are additional safeguards that will still prevent attackers from gaining control of the system after a single failure. You also have to seriously evaluate all possible attacks, even though this may make you seem slightly paranoid.

That is the true cause of the Equifax failure, which was caused by an unpatched flaw in the Struts software allowing malformed HTTP requests to cause the execution of code on the computer housing the web site.(Fox-Brewster, Newman) Lots of articles and white papers have been written describing the “true underlying cause” of the incident and how to stop it in the future.

  • Providers of firewalls will tell you that their firewall will check for malformed requests and would have prevented the problem by rejecting the malicious requests.
  • Other providers will check the versions of the software modules that you download from the internet and flag versions that have known problems.
  • No matter what they sell, vendors will find some way of claiming that their product will prevent future attacks.

There are usually several problems with these claims.

  • How do you know that the vulnerability will have been publicly reported before it is used to attack your system? Zero day defects are by definition not known to the public before they are used.
  • Even if a patch is available, there is still a very real danger that installing the patch without testing will introduce other problems. Any administrator who hasn’t had problems installing patches hasn’t worked with computers very long.
  • There are many avenues of attack upon a system. Some involve hacking from the outside and others involve gaining physical access and hacking from the inside.
  • Purchasing these products without a full security review can provide a false sense of security.

Finally, you should remember the following.

  • It’s not paranoia if people are out to get you.
  • If you actually believe that the security on your system is good enough, it isn’t.
  • Security done “on the cheap” is generally very poor security.
  • Expensive security is not necessarily good security.
  • For those who believe that security can be achieved by keeping facts secret, you should remember Benjamin Franklin’s comment on the subject: “Three can keep a secret, if two of them are dead”.(Gawalt) You have to assume that there is a good chance that attackers will learn your secrets and plan accordingly.
  • You will have to consider how you will maintain security if attackers discover vulnerabilities that enable them to compromise parts of your system.

Simple Layout

The following is a typical and very simple layout for web sites. From a security standpoint, it is very poor.

  • The application appears to users as a web site with account name and password serving to gain access to the application.
  • Administrators can also log on as a remote shell user using Telnet of SSH. Access is controlled by using the account names and passwords on the computer.
  • An additional option is for administrators to log on to the database as a database administrator. This usually uses a special website that is part of the database. Access is controlled by using an account name and password that belongs to the database.

In this simple layout, the application server and database are located on the same computer, and security is completely based on knowing the account names and passwords. There are a number of reasons why this is not adequate.


1. The database contains information whose exposure could be disastrous the company, while the application server is subject to frequent changes that may have to be installed on short notice. Valuable information means that you have to have a robust testing regime involving both manual and automated steps. Frequent changes means that it has to done frequently, increasing expense.

2. There have been a number of remote execution exploits on web servers, application servers, and other pieces of software, and there will be more in the future. You have to assume that vulnerabilities exist that nobody knows about.

3. You also have to plan for the possibility that a malicious actor knows the administrative account names and passwords.

4. The application server sends SQL commands directly to the database. If the application server is compromised, the attacker can send any SQL commands to the database.

5. An attacker with operating system access with administrative privileges can do almost anything to the computer. He can also hide his actions.

Hardening the System

The military protect facilities with multiple lines of defense. If the enemy overcomes the first line of defense, they still have to go through additional lines of defense before they can do serious damage.One way of hardening the system is to divide it into subnets, with formal rules for passing information between the subnets.

Consider the construction of a bank building. It is divided into multiple regions: vaults, public areas, areas for meetings, and employee only areas.It helps to think of the computer systems as castles with multiple rings of protective walls with guarded doors in the walls for data passing through the rings. In order to prevent attacks from malicious actors, you are going to have to harden the system. In order to demonstrate the concept, I prepared a second figure showing a somewhat hardened configuration. In this case, the web site is divided between multiple subnets and various methods are used to prevent malicious actions.

  • Administration of the system is carried out by members of an internal intranet which will be used for development, test, and configuration of the web site. For the purpose of later discussion, this will be designated as the IT intranet.
  • The demilitarized zone (DMZ) subnet faces the public internet and generates the web pages seen by the users. Requests are evaluated by the application server and valid requests are then passed to the production subnet using a well-defined set of protocols. Sensitive information is not stored in this system.
  • The production subnet contains the actual database and an aplication server that processes the requests from the DMZ. This application server then generates the SQL commands, executes them, and passes the information back to the DMZ.

By dividing the complete system into subnets with controlled interfaces, the subnets can be analyzed for security independently. Since each individual subnet is small and simpler, analysis can be carried out using formal proofs. So the next step is to consider the actual protection that can be applied to the individual computers and the effect that they will have in securing the system.



Access to the DMZ and production subnets will be controlled by routers using access control lists. This will insure that messages coming from a given subnet are actually coming from the specified subnet. This moves the authentication from “what you know” to “what you are”.

DMZ Node

The firewall for the server in the DMZ is set up so that access to the operating system (Telnet, SSH, X-Windows, Remote Desktop Login, etc.) can only be obtained from the IT subnet. Even if attackers from the public internet know the account name and password, they will be unable to gain access.

Protection for the application server will involve the use of filters. Requests into the server can be checked for correct format so that attacks involving corrupted messages can be intercepted. Outgoing responses can also be examined so that unexpected error or warning messages can be intercepted.

The application server will not contain the administrative, user, or database account names and passwords. This means that an attacker who has taken over the server will be unable to insert SQL code. Since the damage from a vulnerability is limited, the software on this server is more suited to automated testing and DevOps environments. This is important because it is expected that the code on this node will be changed frequently.

Attempts to penetrate the node on the protection subnet using compromised machines on the DMZ subnet will normally require modification of files on the DMZ node. This means that comparison of the files on the DMZ node against a known “good” version of the files has a very good chance of detecting intrusions. This means that the amount of time that an attacker has to penetrate the production nodes is very limited.

Production Node

The database is stored on the production server and contains the critical data that the attacker would be looking for. Therefore, this is the node that needs the most hardening and security review.

  • Database accounts on MySQL can be set up so that the requests can only come from selected IP addresses. In this case, the accounts would be set up so that requests are only accepted from the production subnet. Different accounts would also be set up for each type of database transaction so that requests are made with minimal privileges.
  • Nodes outside the production subnet would not have access to the production server at the operating system level. Updates and maintenance would be carried out by mechanisms such as the “software update” applications on Windows, Mac OS, and UNIX/Linux systems. This will require effort, but failure to do so makes it difficult to guarantee security.
  • The application server on the production server will accept requests from the DMZ server and generate and execute the desired SQL commands. These requests will only be accepted from the DMZ server.
  • The application server on the production server will also accept HTTP requests from workstations belonging to the IT subnet. These transactions will be used for administrative control of the system. All requests will be fully logged to enable tracing of any changes.  Users will not be able to access the server with Telnet, SSH, remote login, or other means except when the system is taken down from maintenance.  All housekeeping tasks will take place using the application server on the production subnet.

Changes on this system will occur infrequently, and changes will require a thorough security review. Although automated testing may be suitable for determining adherence to functional requirements, testing for security compliance will require a different type of review.

Impact of Exploits

Although the attacker may be able to take control of nodes on the DMZ system, he can’t start trying to penetrate the production system until he compromises the DMZ system. Furthermore, the firewalls prevent the attacker from obtaining shell, X-Windows, or remote desktop to the DMZ systems.

It should be noted that the purpose of a wall is not to stop attackers, but to stop them long enough for counter measures to be taken. That means that you must have a way of detecting the attacks.

Further Actions

This is just the start of the process of securing a site. Provisions need to be made for carrying out maintenance, development, testing, and backup in a secure manner. Users with administrative privileges should not be allowed to select their own passwords, and a host of other policies need to be established to develop and maintain good practices. However, these will be the subject for further posts.


  1. Thomas Fox-Brewster, “How Hackers Broke Equifax: Exploiting a Patchable Vulnerability”, Forbes, September 14, 2017, Retrieved from
  2. Lilly Hay Newman, “Equifax Officially Has No Excuse”,
  3. Gerard Gawalt, “In His Own Word: Library Exhibition Celebrates Tercentenary of Benjamin Franklin’s Birth”, — This is a page from the Library of Congress web site discussing the life of Benjamin Franklin.

Beware the Genie

via Daily Prompt: Genie

If you look at the old fairy tales, you will find that Genies grant your wishes according to Murphy’s law: “If anything can go wrong, it will go wrong”.  To a large extent, this applies to many pieces of computer technology.

  • You can wish to control the lights, air conditioning, and doors in your house from anywhere in the world via the internet of things (IoT) and then find out that everyone else also has the ability to do so, including the burglar who robs your house while you are out of town.
  • You can wish to have access to a site that will build your web site without your having to think, and then find that you have created a site that clearly shows the amount of thought that goes into it.
  • You create a web site because you want to be widely known, and find that the most avid readers are people who want to sell you resort timeshares and a piece of the Brooklyn Bridge.
  • You wish for web site development frameworks that will drastically reduce the effort required, and find that everyone can now hack your site and obtain all your personal information, including your credit card and checking account numbers.

There are a number of books and movies that will show you that magic is dangerous.  According to Florence Ambrose in the online comic Freefall, “Any technology, no matter how primitive, is magic to those who don’t understand it.”  So perhaps you should stop asking the Genie for things until you understand what is happening.  It may take some effort, but as stated by Agatha Heterodyne in the online comic strip Girl Genius: “Any sufficiently analyzed magic is indistinguishable from science!”.  So, before we go to the Genie and wish for things, we should analyze our desires and the available technology more closely.

After all, asking for a Genie and receiving an air to air missile with an atomic warhead would really be bad.

This is my first attempt at writing an entry for the WordPress Daily Post.  If you feel that it is taking the topic less than seriously, you are correct.  After all, if you learn to laugh at yourself, you will always have a source of amusement.  Or as the Cheshire Cat said in Alice in Wonderland, “We’re all mad, you know”.

Picking Your Password

Picking Your Own Password is Dangerous

Selecting your own password for a web site or computer is like hiding a spare key under the door mat and expecting that burglars won’t look there. It may be a surprise to some people, but the burglars know to look there along with a dozen other locations where people hide keys. For example, a number of people decided to use the names of sports teams as passwords, thinking that it was clever, but the passwords were easily cracked.(Dark Reading)

When dealing with user selected passwords, an attacker can generally create a list of a few hundred possible passwords where testing all of the items in the list will grant access twenty to fifty percent of the time for a given account. If the attacker can get a list of account names on a system, he can try this short list against the account names, a process known as “password spraying”.

Pick Passwords Randomly

If you want a password that people won’t be able to guess, there are several methods for randomly generating passwords, many of which produce passwords with billions of combinations that are still relatively easy to memorize.

When analyzing password security, the size of the password space is the number of possible passwords that can be generated. For example, the Diceware Passphrase method uses a number of lists selected from a list of 7776 (65) words. With three words, the size of the password space is 77763 or 4.7 x 1011 possibilities. Some possible phrases would be “good very elite” or “swamp time floor”.

How Big is Enough

  • On the other hand, there are people who talk about attackers being able to test millions of possible passwords every second. (The author of the Diceware Password site recommends using 6 words, for a candidate space of 77766 or 2.2 x 1023 possibilities.) This is usually based on the attacker getting a list of the hashed versions of the passwords. (A hashing algorithm will always produce the same number when applied to a password, and it is incredibly difficult to determine the original password given the hashed value.) I don’t find this argument meaningful for the following reasons.If the attacker has the list of hashed values, he already has access to the files on the system. At this point, he can probably also insert code that will record the account name and password as people log in to the system. The complexity of the passwords become irrelevant. There is no defense.
  • You can easily program a web site to require a period of time between login attempts. The required period usually increases with subsequent attempts. For example, the wait might be 1 second before the second attempt, with the wait time doubling after each successive unsucessful login attempt. (That would result in wait times of 2, 4, 8, 16, and 32 seconds for the third through seventh attempts.) After the seventh consecutive unsuccessful attempt, you could lock out the account for ten minutes, with the wait time for the first unsuccessful attempt after the lockout period reset to one second. This limits the login attempts for a specific account to less than one attempt per minute. With three words, it will take an attacker over five hundred thousand years to go through all of the possibilities for a Diceware Passphrase using three words. A two word Diceware Passphrase would still require over a hundred years. If the site doesn’t use techniques to set an upper limit on the number of attempts, the site is insecure.
  • If the web site doesn’t generate log files that are checked periodically, the site is insecure. If you have logging, attempts to guess passwords will become apparent. (To be described in more detail in a later post.)

Sometimes Smaller Is Better

For those that insist you use more than three words, I would note that many web sites will not allow very long passwords. (See Johnston) The article by Johnston indicates that most people are capable of easily memorizing strings of four tokens or less (a token could be a word, number, image, or musical note). (See articles by Cowan and McLeod) Increasing the size and complexity of the password makes it more likely that the user will write down the password, allowing other people to discover it.

Don’t Reuse Passwords

You should not assume that any web site will safely protect your passwords. In addition to the web site being hacked by somebody outside the site administration, you have to worry about other problems.

  • An attacker could create a web site simply for the purpose of collecting account names and passwords from users.
  • An attacker could gain employment at or physical access to a web site and attack the site from within.

You should therefore use a different password for each computer or web site. Otherwise, an attacker who learns your password on one system can break into other systems with the same password. There are password manager applications that will generate random passwords and store them for you. This means that you only have to remember the password for the password manager application.


  1. Nelson Cowan, “The Magical Mystery Four: How is Working Memory Capacity Limited, and Way?”, published in Curr Dir Psychol Sci, 2010, Feb 1: 19(1):51-57 (Retrieved from HHS Public Access on 2-April-2018 from ). – In this article, it is stated that four items seems to be a reasonable number of items that can be stored in short-term memory, and that the set of items can be composed of words, numbers, and images.
  2. The Diceware Passphrase Home Page,
  3. Diceware Security Blog,
  4. DoD Computer Security Center, “DoD Password Management Guideline”, 12-April-1985, Standard CSC-STD-002-85 – This document is part of the Rainbow Series of documents issued by the Department of Defense. Each of the documents in the series had covers in a different color, and this one had a green cover and was called the “Green Book”. Even though it is considered outdated, it is a good starting point as it avoids the hyperbole I have seen in other documents.
  5. Dan Goodin, “Why passwords have never been weaker – and crackers have never been stronger”, Ars Technica, 20-August-2012,
  6. Chris Hoffman, “How to Create a Strong Password (and Remember It)”, How-To Geek,
  7. Casey Johnston, “Why your password can’t have symbols – or be longer than 16 characters”, Ars Technica, 29-April-2013,
  8. “The Magical Number Seven, Plus or Minus Two”, Wikipedia,,_Plus_or_Minus_Two (Retrieved 2-April-2018).
  9. Saul McLeod, “Short Term Memory”, SimplyPsychology, (Retrieved 2-April-2018). – This is another article discussing the idea of seven plus or minus two representing the number of items that can be stored in short-term memory.
  10. NIST Information Technology Laboratory, “Digital Identiy Guidelines: Authentication and Lifecyle Management,” NIST Special Publication 800-63B. 09-April-2018, – This is part of a series of documents from the National Institue of Standards and Technology: Digital Identity Guidelines (Special Publication 800-63, Revision 3), Enrollment and Identity Proofing Requirements (Special Publication 800-63A), Authentication and Lifecycle Management (Special Publication 800-63B), and Federation and Assertions (Special Publication 800-63C).
  11. “Winners and Losers in Password ‘Bracketology’”, Dark Reading, 23-March-2018, – A discussion about people using the names of sports teams as their passwords.

Initial Website Planning

This page is a work in progress.  Let me know if you have any comments.


There is a very old saying that “Failing to plan is planning to fail”.  (Before you complain about my not providing a citation, I have seen versions of this attributed to Winston Churchill, Benjamin Franklin, George Patton, and I believe that that were a number of ancient Greek and Chinese philosophers who said something very similar.)  Assuming that you want a website, the first question that you need to answer is “Why?”

  • Why do you want a web site, and what do you expect the web site to do for you?  You must be expecting something from it or you wouldn’t be doing it.  Some possible areas are improving reputation, improving public awareness, providing assistance or entertainment to others, providing a place to share information, assisting in the operation of an organization or business, making you feel better, helping you to make money, and helping you to reduce costs.
  • How would you describe the typical person you expect to be a viewer for the web site?  You may want to provide a few different types of descriptions.  (Think novice, intermediate, expert, hobbyist, professional, etc.)
  • What do you expect the web site to do for the viewers?  If the web site doesn’t have value for the viewers, they won’t use it.  Many of the possible areas are the same as the same benefits that the creator of the web site expects to receive.
  • How do you expect viewers to find the web site?  There are a number of possible methods.  Don’t spend money on advertising or boosting the site until you have first gone through the free methods.
  • Why should viewers come back to the web site after seeing it the first time?  I have seen some websites where I literally have no idea of how to use it, where images and flash animations take so long to load that I shut down the browser before the first page loaded.
  • How are you going to assure that people don’t run away from the web site screaming in panic?  A blind person will be very frustrated with a web site where all of the information is shown as images, and a deaf person will be very frustrated with a site where you need to listen to a spoken voice?

Don’t try to provide lengthy essays for each question.  A paragraph or two is sufficient.


Once you have answered these basic questions, it is time to do some research.

  • Try to find some web sites that are similar to what you plan to do, and look them over.  What do you like about them and what do you dislike?  How are they organized?  Try to make a list of the various sections and what they do?
  • Find some web sites that you really like and look them over in the same way.  What do you like about them, dislike about them, and how are they organized?
  • Get a book out of the library on creating web sites and read through it.  You aren’t going to try to memorize it, just get some ideas.
  • Try looking at a few tutorials (either written or video) on creating web sites.

Requirements Planning

What are the “use cases” (also known as “user stories”)?  These are the things that people should be able to do with the web site.  If the web site has user accounts, some of the standard situations would be the following.

  • Create a user account
  • Allow the user to deal with a forgotten password
  • Log in to the site
  • Log out of the site
  • Change the profile information for the account
  • Set a message to the web site administrator

Depending on the web site, some other situations would include the following.

  • Participate in forums
  • Create and read blog entries
  • Join a mailing list and remove your name from the mailing list
  • Obtain information about the organization or business, including its products, activities, and events
  • Obtain support from the organization or business
  • Look up items in a catalog
  • Order items from a catalog
  • Pay for the items ordered from a catalog (Credit cards, PayPal, etc.)


At this point, you can start making a list of the pages that will appear on the site.  The idea is to start with a very rough layout and then refine it in successive iterations.  You start with a list of a few pages together with a few sentences about each page.  For example, here are some common examples.

  • Home page – The home page is the page you see if you enter only the domain name and port number for the server.  The main purpose is to let the viewer know within a few seconds that the web site will be useful or helpful to him.
  • About – This page describes the organization or business behind the web site in more detail and also includes more information about the web site itself.
  • History – The history of the web site or the organization or business that it represents
  • Blogs – Blogs are essays that are placed on the site and are of interest to the viewers.
  • Forums – Forums are areas where the viewers can have discussions and exchange information
  • Online Store
  • Entertainment
  • Calendar

Next Step

After this you can start designing your web site.  This will involve a number of steps that will be covered in later posts.  However, the design process can be considered as comprising the following.

  • Refining the descriptions of the pages
  • Refining the requirements
  • Verifying that the pages will satisfy the requirements

You will then be able to start the development.  The design and development steps can be combined, but not doing the planning first will cause you to have to redo a lot of work.



Need help with your internet presence?

I’ve decided to try to get into the consulting business for internet support and web sites.  Do you want help getting your business a web site and a presence on the internet.  I will provide free help in order to build up a local reputation.  No cost, no obligation, and I will provide links to posts and web sites that will help you.

I’ve been working in information technology for thirty years, and somebody might as well get some benefit out of it.  By the way, this web site is hosted on, which provides absolutely free web hosting.

The following are some related posts.

  • Putting your business on the map – How to make sure that your business is shown on Google and Apple Map applications.  You want people to be able to find you.
  • Initial website planning – Think about what you want your website to be before you start developing it.  It saves a lot of work.