Meet the Staff: The Password Master
How does one get to the LII? Well, it ain’t exactly Carnegie Hall, so “practice, practice, practice” won’t quite cut it. Instead, our staff take diverse paths to their positions at the LII, and that’s what makes us work so well together. In a small operation like ours, it’s not so much what you know, as how much you are willing to learn.
One question many of us get asked often is, “What exactly is it that you do at the LII?” Last week, new LII Systems Administrator Nicholas Ceynowa took some time to answer from his top secret bunker at Cornell Law School.
Q: When did you first become interested in computers?
A: At a young age. We had an Apple 2 that I spent a great deal of time on. I also have fond memories of upgrading our 486 with a Pentium knock-off and attempting to overclock it.
Q: Where did you go to college and what did you study there? Degrees?
A: I have a B.F.A. in Dance from the University of MN, and an M.S. in Computer Science from Fordham.
Q: In your earlier career, you were lauded for having “a feline fluidity that is nailed to the floor with purposeful weight.” What exactly does that mean, and how will it help you here at the LII?
A: In terms of what it means, good question. I guess that I was doing ok? That was a New York Times review from a performance at the Joyce. I was dancing then with Taylor 2, Paul Taylor’s second company. Very difficult solo, and costuming was white tights. So yeah. As to how it helps me here, I feel that if I can pull something off in front of reviewers and audiences while wearing white tights, I can take on anything life throws at me.
I suppose just being a professional dancer, and having that be the only job I needed to have. Most dancers work project to project; I had the incredible fortune to be employed by a company that worked enough to provide a sustainable income and benefits.
Q: What is the most interesting aspect of your work at the LII?
A: Learning something new every day. Becoming best friends with the LAMP stack. People don’t realize how much goes into serving a website, especially one that sees a large volume of visitors every day.
Q: What is the biggest challenge in working at the LII?
A: Juggling a giant list of issues dominated by a giant list of connected systems. There’s a great deal going on behind the curtains, so to speak.
Q: What parts or features of the LII site best demonstrate your work?
A: The site being up? Honestly what I do is not easily observable.
Q: Most people have no idea of the kind of attacks websites receive every day. Can you explain some of the ones that show up and how they impact the users?
A: Without getting into specifics, the most you would generally see is a slight slowdown of the site, if even that. Most of the attacks websites see are of the automated, brute force nature. DDOS/DOS, SQL Injection, XSS, etc. Dictionary attacks. Exploitation tools have become incredibly easy to use and automate; the barrier for entry is negligible. And the vectors chosen are becoming increasingly subtle.
Q: What upcoming projects/features are you most excited about?
A: All of the WEX improvements. There’s a great deal of backend work that needs to be done to support this, and I feel that the technologies employed here will ripple out to the main site, making everything that much better.
Q: Anything else?
A: Remember kids, only you can truly enforce password complexity. Don’t want to shoot the sample space of your potential password in the foot? Stop using actual words as passwords. puppieunicornkisses1 isn’t going to cut it. And 2-factor authentication is neat.