Hacker News | simontabor's comments

What does this do that calm.com doesn't do better?


it really, really isn't


Apologies for the lack of support on the chart, SVG rendering is terrible in Firefox.

If you click on the 'Day' view and then 'Show only Mavericks' you can clearly see a rise from 0.20% at 7pm yesterday up to almost 10% at 5pm today. The other lines have had a slight decrease, but yes it does look like Mountain Lion users are upgrading fastest. I'd be surprised if Leopard/Tiger users upgraded quickly as I'm sure they'd be apprehensive of updating their old and potentially fragile kit.


It's a repeatable SHA1 hash, what more do you want?


I don't want everyone to know the length of my password that's for sure.


Sounds like you've misunderstood the purpose of this.

I usually just use a single password across most services, so they all know your password, even if you trust them not to store it in plain text. It's infinitely more secure to use something like PW, never entering your main/master password into any other services and then have a generated hash that really means nothing to anyone (can't be decoded or anything stupid). The length factor here makes very little difference, and only you need to know that you use a 40-character password (yes, 40, which I bet is longer and more secure than your current password(s)).


Yes, but it's by far the lesser of two evils. You can easily take a substring of the generated password.

How would you randomise the length of the password in a repeatable + secure manner?


There is nothing inherently secure with you hashing the password to be used as a password. It uses a non-dictionary string and has a long (but static) length, ok, but a random number of anything (characters, words, whatever) has variable length.

There is a reason passwords like 'the old lemon man jumped high as a pokemon' are getting more popular.


I still don't think you get the idea. Using 'the old lemon man jumped high as a pokemon' across multiple services may be secure from someone trying to hack just you, but it's much more likely that one of those services will leak your password (security flaw of some kind) and will therefore compromise your password across every service.

You could easily just use 'servicename||this is my secure password' as your password, but it's still obvious what the pattern is to anyone who obtains that password, rather than getting 404fC7C426Cb6cD694E6C2Ee828c133fA771AcC8. You should be able to leave your password and email address in public places without anyone being able to have any significant effect on your security (they might gain access to one service).


I understand how password managers work. Do you understand why a constant length password is bad?


To be fair, although I really dislike the idea of fixed length passwords, with this many characters it's not too bad.

A full search of the password space that this outputs would take ~10^50 years at the moment, on high end hardware, and shouldn't be susceptible to attacks on patterns, assuming SHA is working properly.

One thing I would say is that with something like this you might as well just remember a really long password and tag on the name of the service at the beginning, that will give you (arguably) more security. Something like hackernewsFe26476e75256504234fC7CbBcE05aEd704b94A2.


That's a decent idea, appending/prepending the service name to the hash would probably help.


Probably didn't make it clear enough, it's repeatable so you'd use Twitter as the service and whatever password you usually use (master password), it'd come back with a hash and you use that as your Twitter password. Whenever you need your Twitter password, you repeat the process.

https://github.com/simontabor/pw - it's got node-webkit so there's a mac app in that repo and should also work on Windows + Linux nicely (this is simply to take it out of the browser where it's easy to lose tabs and put it in a clean, small window)


It's a nice touch to provide a local application to run as there is no way people should be doing this in the browser. You might want to remove the tracking from the local app though, even if it is for analytics purposes, I don't want something that deals with passwords like this to be phoning home.


I may do, it's not too difficult for people who care about it to just take it out - I'd actually rather people take the code, remove tracking if they'd like, edit colours/whatever and make it their own. It's more the concept that I care about (never ever send your main password over the wire)


Basically, it's for efficiency reasons. Some of our sites have well over 40 pageviews per second and updating the numbers that frequently would put a huge amount of load on our servers and also crash the browser or make it go incredibly slow.

We also like to use the very same API that's available to our users in the Now and Trends dashboards as it encourages us to ensure response times are quick and that everything we track and display can be used programmatically in custom integrations (such as the trending section on http://carthrottle.com).

Hope that answers things :)


We get a lot of questions at GoSquared (https://gosquared.com) as to why their engagement metrics (and visitor counts) are so different between GA and GoSquared.

Pinging all visitors to check they're still online is our solution, rather than making a guess/estimate - this means that sometimes GA reports about 10 visitors online when there are actually more like 100.

This is especially true with HN posts where most people only visit the one page and then leave.

Thanks for the great post :)


Does that mean GoSquared will report a page that has been open for days, taking up a tab but not being actively looked at, as 'online', or is there a timeout after a specific period of inactivity?


I don't know about GoSquared, but I built a similar real-time dashboard for W3Counter [1] that operates the same way. It would include that visitor as long as the tab is still open, but it also shows how many visitors are idle versus writing or reading (recently scrolled or moved the mouse, which requires the tab be in the foreground), so you know how many are just sitting in tabs.

1: http://www.w3counter.com/features/pro


We monitor if the page is focused or blurred, so you can get both metrics in real-time.


There's no server side code at all for this - we're planning on open sourcing our labs section as well soon (and doing more labs projects, of course)


It's way more accurate than necessary... like seriously crazy


From the source:

    function sunAngle(timeFromNow){
      // Don't try to understand this. It's taken from a NASA thing. I don't know how it works
:)


nginx doesn't support websockets quite yet, so no, but will do soon - http://trac.nginx.org/nginx/roadmap


nginx can support websockets via the tcp_proxy module: https://github.com/yaoweibin/nginx_tcp_proxy_module

