fullScreen doesn’t work?

March 10th, 2011 by admin » (0) » AS3

You have a fullscreen-function that just won’t work.

stage.displayState = StageDisplayState.FULL_SCREEN;

No matter what you try… it doesn’t seem to work out. The first thing you should check is, whether you have the Debug Player installed. And if you have, you might get a Security Error, that says, Fullscreen Mode is not allowed…

Adobe Debug Player shows Security Error

Debugger shows Security Error for Fullscreen

The answer is, that entering the fullscreen mode isn’t allowed through a MouseEvent.MOUSE_OVER, you should use a proper CLICK-Event.

Secure and easy-to-remember passwords

September 28th, 2010 by max » (0) » this&that

This is the translation of a post I published at the creative crüe neigungsgruppe.com, because I thought that the topic may also be interesting for international audience.

This article on hacked RockYou passwords made me checking my own password-behavior, and – what should I say – everythings fine ;-)
But my real life experience in team and family tells me, that I’m the exception. And according to the TechCrunch-article above, I’m a biiiig exception: only 0.2% of the users had a »strong password«.

In this post I would like to point out the most common mistakes with passwords and want to show how you can make up easy to remember passwords that are strong further more.

1. The weak-password-trap

First: What are weak passwords? Basically they are short,  contain only letters and can be found in the dictionary (even combinations of those – like “iloveyou” – are evil).
You should use at least eight characters to resist a Brute-Force-Attack. The more the better. (Who thinks that a long password is hard to memorise can use the method described in section 3.)
Every additional character multiplies the number of possible combinations enormous (see Appendix): using nine instead of eight characters, when using only lowercase letters, for example multiplies the possible combinations by 26, increasing them from 0,2 to about 5 trillion.

2. The same-password-trap

Even the strongest password is useless, when someone else knows it (saved as clear text, noted down, … ), and can access all kind of different accounts with it – check out the xkcd comic on password reuse.

One trick is to slightly change your passwords a little bit: e.g. m$p8fAz for Amazon und m$p8feB for eBay. Of course not that obvious;-)

3. How do I find a secure and easy to remember password?

Here is my tip to make up a long but easy to remember sentence.  As an example we use (The sentence should be easy to remember): »The quick brown Fox jumps over the lazy Dog.«
Now we take the first letters of each word: TqbFjotlD.
Let”s replace the o (letter O) with an 0 (zero). The q looks a little bit like a 9 and the b like a 6. The l can be replaced with a 1: T96Fj0t1D.
Now I replace the j with a !, because they are also alike.
A secure password would be T96F!0t1D.

Things you can use most times: $ instead of S, 3 instead of E, 7 instead of t.

4. Password generators

There are a lot of programms, that generate a random sequence of characters. Some can be configured in aspects of length and used (special) characters. I use one for generate »one time passwords« e.g. for user-logins, where the password has to be changed after the first login. Because either you have to memorize these (more or less) random sequences (hard), or you have to note them down (insecure) or you have to store them, using:

5. Central pw management

Finally there is the possibility to store passwords in one central place. A small programm encrytes your password(s) into a database and decryptes them after entering a master-password.
This is really a handy way, because you can use real random character-sequences (from step 4), but you don’t have to remember or note them down. But even this way has three catches:
1. The PW-Management-Tool has to be secure itself (strong encryption of the passwords, resistent to attacks).
2. One password gives access to everything!
3. Most times, a PW-Management-Tool is bound to the computer on which it was installed. If you want to use the passwords from on the way, you have to use your brain or an (in)secure online-access.

One last tip

Don’t ever change your password on a friday or just before your holidays: the chance of forgetting is quite big.

And one more appeal to my developer collegues: please please please don’t store passwords as clear text in databases. The strongest password becomes useless if every sysop can read them in MySQL.



Length Used characters possible combinations
8 lowercase only 26^8 (0,2 Billion)
8 lower-/uppercase and digits 62^8 (218 Billion)
8 lower-/uppercase and digits and special characters* 77^8 (1236 Billion)
9 lowercase only 26^9 (5 Billion)
9 lower-/uppercase and digits 62^9 (13500 Billion)
9 lower-/uppercase and digits and special characters* 77^9 (95000 Billion)
Obvisiously: a combination of long password and many characters enlarges the number of variations enourmously.

* I tend to be cautious with special characters! It may happen that you are using a keyboard on which you can’t find all special characters (Mac/Windows, Abroad, cyber cafe). But !§$%&/()=?.,:; should always work. For the table above I assume 15 working special characters.

Workshops and Congresses, Part 1

PHP World Kongress

My boss forced me asked me kindly to attend PHP World Kongress and the very next day the ColdFusion 9 Upgrade Workshop. There’s a natural rivalry between two worlds, but I don’t want to talk about this here.

Although PHP is not my playground, it was kind of interesting for me: Tobias Schlitt introduced me to Unit-Tests and Stephan Schmidt gave me some of the greatest inspirations I had in the past years (besides that, he had the best concepted and designed presentation – although I hate hate hate Powerpoint)… maybe because of this topics: Software Design (together with Holger Rüprich) and 23 Things you should know about teamwork.

As good as Stephan was Christian Wenz. His presentation about Secure Webapplications in the 2.0 age caught my attention.
He and his collegue Tobias Hauser also showed a usability-test on a random site from one of the attendants: very valuable knowledge (e.g the country-selection looks/feels like a search-field, look/feel of the login on the left underneath the pic, no jumping between categories, …), thank you.

So: if you have the chance to listen to Christan Wenz or Stephan Schmidt on the topics security, usability, software-design and teamwork, I would strongly recommend to.