What I learned from 50 Coursera Courses

How It All Started

I added a page on the online courses I have completed to date. I discovered Coursera a few years ago. Coursera offers learning materials from some of the top universities around the world.

The first courses I took were on things like Machine Learning and Probabilistic Graph Modeling. They were absolutely fascinating to me. And I was hooked.

So I started taking these online courses not just on Coursera, but wherever I could find an interesting topic. I took Apache Spark from edX, CUDA programming from Udacity, DataScience from DataCamp, and Cloud Computing on Qwiklabs.

I took courses on DataScience and Machine Learning mostly, but I also took courses on things like FPGA design and even songwriting.

Four Take-Aways

At this point, I have taken over 50 courses, so there are a few things I learned about taking these courses.

First, although you can take most of these courses for free, I chose to pay to get certificates for most of them.  Each certificate is not terribly expensive. They do add up to a fair amount if you get enough of them like I did.  I think it’s still worth the expense because paying for and working for a certificate requires a higher level of commitment.

Second, these courses let you proceed at your own pace, and I took full advantage of that.   And by that, I don’t mean go slow at your own pace.  Instead, I go as fast as I can.   I often finish courses in half the time, and I usually take a couple of courses in parallel.

Thirdly, and this is in relation to the previous point, I had to develop my own system to sustain this online course learning rate. I had to get better at organizing my time and, more importantly, my attention and focus. You cannot absorb all this information if you are multi-tasking or constantly being interrupted.

I also settled on my own note-taking method, where I take notes on a notepad (A5 grid from Rhodia or Mnemosyne works best), then summarize formally into a notebook (Seven Seas Crossfield from www.nanamipaper.com – the best notebook and paper ever).

Lastly, I had to be clear about my goals. I didn’t want to just rack up courses. I wanted to learn as much as I can, but it also has to provide value. For that, knowledge and skill have to stick. It made me think about how best to approach the topic with a clear end picture in mind. This last point is perhaps the most important thing I learned from all this.

Reboot

Yes, I pretty much abandoned this site for a few years.

I’m pretty sure I had a good reason why at the time, and I have a feeling no one really missed me not updating this site since I didn’t have much content.

My bad.

Yes, I’m starting this up again, hopefully with a bit more consistency.

Hide your hash

Hypocrisy of Password Policies

As far as we are concerned, there are two kinds of passwords.   Strong and weak.

These days, you have all these password policies to enforce strong passwords. Not only do you have to have passwords longer than a gazillion characters, you have to have mixed case, numerics and even a Cyrillic character or two just so that the password is strong enough.

And then there are weak passwords.   Not only are they weak, they are often backdoor passwords.  It may be for a database or for IT to do admin tasks, but weak backdoor passwords always exist.   So many people depend on that password that you can’t change it without having a lot of people upset, or even halting some important application or production process.   Backdoor passwords are weak, easy to remember and hardly ever get changed.

Lost Passwords

You will invariably run into a lost password. Just the other day, I completely forgot a password to a WebDAV server I set up not too long ago. I could set a new password, but I have to go change all these machines and handheld devices that are dependent on this WebDAV server. This can easily take 30 minutes to an hour. Life would be easy if I could just recover that one password.

Cracking Your Password

Is there a way to recover a lost password? You know them IT guys will always tell you no. This is true, in that they can’t see what your passwords are. Systems are built that way. But can’t you *really* recover a password?

Well, actually there is. A password is not stored as typed; it is run through a one-way function and stored as a hash. Given this hash, there is software that can recover the password by hashing one guess after another until the result matches.

Now, this software isn’t some shady crack software intended to be used for breaking into people’s systems. It does have legitimate uses such as, well, retrieving a password or finding weak passwords that are easily cracked.

So I fed the encrypted password value for my WebDAV server into this software and let it run.   Sure, it might take a day or two, but I can wait.

But to my amazement, it spat out the password after only 24 minutes of churning at it. Only 24 minutes? That’s less than the amount of time it takes to change the password on all the places that use it.

Lessons Learned

What this means is that passwords are not as secure as one might think.  And you need to do something about it:

  • Don’t use weak passwords. The more scrambled the password, the longer it takes to crack. This also means don’t use your first name, your SS, your phone #, dog’s name, kid’s name, etc. etc. Yes, all the stuff you’ve been told is really true.
  • If you are a conscientious IT expert, be proactive and try cracking passwords from hashes. Get the most security-critical password hashes out of databases or password files and run them through a cracker. How easily these passwords are cracked will shock you, and should prompt you to take action.
But most importantly,
  • Don’t expose the password hash. Hashed they may be, but they are still passwords. You are essentially giving your access away when you leave your password hashes out in the open.
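The proactive audit suggested in the list above, as an added example that is not part of the original post: it checks stored hashes against a short deny list of guessable passwords and reports which accounts fall to it. The record format (salted PBKDF2-SHA256), the account names, the passwords and the deny list are all constructed assumptions.

```python
import hashlib
import hmac

# Assumed record format: "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>".
def make_record(password, salt, iterations=10_000):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

# Constructed sample records (not from the original post): account -> stored hash.
SAMPLE_DB = {
    "webdav": make_record("rex2009", b"\x01" * 16),           # dog's name + year
    "backup": make_record("backup", b"\x02" * 16),            # same as account name
    "alice": make_record("t7#Lq9!vZp2&xK4m", b"\x03" * 16),   # long and random
}

# Constructed deny list: defaults plus personal facts tied to the owners.
DENY_LIST = ["password", "admin", "letmein", "rex2009", "changeme"]


def matches(record, candidate):
    """Re-derive the hash for one candidate and compare in constant time."""
    scheme, iterations, salt_hex, hash_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError(f"unsupported scheme: {scheme}")
    derived = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(derived, bytes.fromhex(hash_hex))


def audit(db, deny_list):
    """Return the sorted accounts whose stored hash matches a guessable password."""
    weak = []
    for account, record in db.items():
        # The account name itself is always checked alongside the deny list.
        if any(matches(record, c) for c in [account, *deny_list]):
            weak.append(account)
    return sorted(weak)


if __name__ == "__main__":
    for account in audit(SAMPLE_DB, DENY_LIST):
        print(f"{account}: password is guessable, rotate it")
```

The report names accounts only and never prints the matched password, so the audit output is safe to hand to the account owners.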

So it begins

This is a place where we will post our tech notes and impressions as we work with various technologies.

Much of the content here will no doubt be yet-another-‘how to install XXX’ notes, which can be of use to those who are looking for such specific information.

More importantly, though, we are going to take notes on things that are more tangible. We aren’t just going to jot down how we installed and ran some software; we will try to see how it applies to solving some real-world problem at hand.

And in that sense, hopefully the content here will have a uniqueness and usefulness of its own.