They’re Back, Look out!
Well this last weekend marked the annual frosh move in rush. This year I didn’t have to work since I’m not really a ResNet office guy any more. As I outlined in a previous post I’m now the web guy here in our department.
It is always interesting to see all the first years and their parents. It seems that the parents are attempting to control their kids’ lives to a later stage and it seems like the kids are letting them. I’ve read an article or two that speaks to the same findings. Parents are calling up universities in droves trying to do all the work for their kids’ education that for certain the kid should be doing themselves. Also is it just me or do parents get angry really fast if things don’t go the way they want? “Do you know your son’s student number?” “NO! Why the F*** would I know that!” “We need it to bring up his information.” “**grumble**, **swear**” (Under breath) “Your son might know it if you let him talk.” Sigh. The last two years everything has gone so smoothly it’s scary. We have techs just sitting around waiting for something to do.
The return of fall means the return of the Parkour scene to Waterloo. It was also going in the summer but for some reason I was pretty lazy and didn’t get out much. This year we will have a whole new set of frosh joining us and learning, it should be a lot of fun. If you’re interested keep an eye on the forums on pkto in the Guelph/Waterloo section for meet times and locations.
dev|sushi opens today
I just made my new site dev|sushi live today. There is not much there yet, just an introductory post explaining what that site is going to be all about. The short story is that all technical content will be written to that blog while this one will be only about me and personal stuff going on in my life. When I decided to redesign this site my first thought was about the many conversations I’ve had with friends that had no idea what I was talking about during a particularly long boring technical post. It just made sense to separate that stuff into its own site with its own audience.
My web programming/design skills have greatly improved over the last year (mostly the former) and I am somewhat proud of the look and feel of dev|sushi, however it has a long way to go to get to what I am envisioning for it.
In the last month I have been extremely busy both at work and at home. I have taken on several web projects and am fighting my way through them. The thing about being busy is that it doesn’t leave much time to do fun and interesting things. I haven’t been out to train for Parkour in around a month and the only exercise I have been getting is an occasional swim in the local pool. Unfortunately that has come to an end too! The university pool is under construction and is closed, but during the spring term we have been able to use our Watcards to get into the Waterloo Swimplex which has been great. Earlier this week Sara and I went to go but were turned away. I was like WTF! (pardon my msn slang) Apparently since the spring term ended on August 11th anybody kicking around campus is out of luck until the students return in September. le sigh.
Before this week I hadn’t played a computer video game for around a year. I was too busy to even think about installing anything but I finally broke down and installed Grand Theft Auto: San Andreas (GTA:SA). OMG! I love it already. I’m getting soooo good at cycling it’s crazy. :o)
Quick Update
I am going to be re-doing this site alongside a new site launch. Currently it is a mixture of static pages (the non-blog stuff) and the blog itself. Firstly, I am going to break the blog in half, stripping out the tech stuff from the personal stuff. The tech stuff will reside on the new site and this site will become more personal and hopefully more interesting and readable to the people who know me.
Currently this site has a few experimental features strewn about haphazardly. The green gradient behind this text and the green highlight behind the links to the right are both background images which are very widely used on the web currently. However these are thrown together quickly and don’t look very good. The stark edges of the gradient are really harsh next to the text and the button border is not even as it’s wider in the corners. In addition the text of the right links looks very bad in both highlighted and normal state.
The revamp and the new site will both use wordpress and hopefully will include a much less default wordpress look. I’ve been greatly inspired by the creativeness of Bryan Veloso over at Avalonstar and many other bloggers of the 9 Rules network. However, be warned I am no designer so don’t expect too much from the non-technical side of the projects.
Shifting job responsibilities
Most of you know that I work for the University of Waterloo in IT. Specifically, I work in the Housing and Residences department and am a member of the Housing Technology (ResNet) team. When I started here I did tech support type work and occasionally did some projects to fill certain needs in Visual Basic. During this time I was working out of the “ResNet Office” and the majority of my time was spent making students’ computers work on our network.
In the weeks before Fall 2003 when the students arrived the W32.Blaster virus was bringing down networks all over the world. Our university instituted a policy to have all internet services disabled and only enable them one by one after the student’s machine was certified clean and was patched to protect against it. Our network stayed up. We started to notice very strange things happening with students’ computers that turned out to be SpyWare/MalWare infections.
Over the summer prior to Fall 2004 I developed a CD which walked the student through the long and arduous task of preparing Windows to run safely on our network. It downloaded windows patches, Symantec Anti-Virus, Anti-Spyware and directed them to turn on a firewall. Some flaws quickly bubbled to the surface. For the most part it worked well for everyone however in certain situations the computer became infected in minutes which is far less time than it takes to install Windows patches. We were still very busy but overall it greatly reduced our workload and we considered this a resounding success. I also attended the ResNet conference at Princeton and was blown away by how helpful it was. Every school seemed to be dealing with the same issues as us.
During the next year we learned more and more about SpyWare/MalWare which was becoming the issue with computers. When a particularly damaged computer was discovered I was called in as the last resort to formatting. In most cases I was successful thanks to the now famous netsh int ip reset. During this period my job shifted toward tools and Linux. I wrote Perl scripts and used various tools to help with the administration of the network and the discovery of problem systems. The summer brought yet another ResNet conference which I attended at Georgia Tech and learned quite a bit.
A new technique was implemented for the students moving in during the summer term. We had them enable the Windows XP firewall and install Symantec Anti-Virus after which time we would enable them and they could update windows freely without fear of infection. It was a great success and cut our issues down to a handful. We have since streamlined the technique with even greater success and for the first time had idle staff during the move in period.
My job working with Linux came to a halt since it was evident that we didn’t need to develop any heavy-handed student computer management software. At this point I started to develop websites (yet another shift). The first project was to replace the Off-Campus Housing Listing Service website with a new friendlier interface. I had very little experience with web programming and so created the first website using ASP which was the language in which the old site was written. After it was finished I looked at ASP.Net for the next project and decided to switch for the increased programming library. It is nearly a year later and I have developed many applications and continue to improve our web presence. Currently I am looking into Web 2.0 techniques for use on internal applications. I imagine this is what I will do for the rest of my time here at UW, web applications are the medium of the future.
DirectX 10 Articles
Ran into a few DirectX 10 articles that I thought were interesting.
DirectX 10 & the Future of Gaming (posted at digg)
The Future of PC Gaming – The Possibilities of Direct3D 10 (from gamedev.net)
It is sad to know that we are going to be forced to upgrade so extensively to be able to use DirectX 10. Although I guess if you have the money for a next generation video card you can also afford a new PC with Vista on it. I certainly won’t be among the early adopters; I will stick to videos and screenshots for now.
Some of the features coming down the line mark a significant change in the 3D industry and I am quite excited about them. The geometry shaders alone will bring awesome potential but the consolidated processors are also very smart. It is looking more and more like OpenGL has very little hope of keeping up. OpenGL 2.0 just caught up to DirectX 9 and now this major step forward. I haven’t even heard of anything on the OpenGL front that would be comparable to Shader Model 3.0 yet which was part of DirectX 9c. Am I wrong?
8th Ludum Dare Compo
It’s back! The 48 hour game programming competition. I signed up to find out all the info but it’s this weekend so I won’t be able to actually participate. Maybe next time (although I said that for the 7th one too).
Here is the info for those that are interested.
Starting: April 28 2006 11:00 PM EST (April 29 2006 3:00 AM UTC)
Ending: April 30 2006 11:00 PM EST (May 1 2006 3:00 AM UTC)
GameDev story, Ludum Dare main site
Let me know if you sign up :o)
Yahoo! Privacy Concerns
I am so annoyed with Yahoo! this last while that I decided to vent publicly here on my blog. Now, I am complaining about a free for use service so a lot of people out there would say that you just have to take it and I tend to agree but I still don’t like it. Anyway on with the story.
Quite a few years ago I set up a Yahoo! account using the user ID ‘hitman200ca’ for the express purpose of playing Pool on Yahoo Games with my friends at University. By the way, I love that game despite all its flaws, it’s really fun. A couple years ago I decided that I needed an online calendar. The Hotmail one included with my 25MB (!!) paid account (boy times have changed) was no good to me. There were (are?) too many bugs including a particular one that didn’t allow the email reminders to be sent for me. I dusted off my Yahoo! account and started using Yahoo! Calendar which incidentally I loved because of its features and it just worked great. Now when it came time to share my calendar for work purposes I was a little embarrassed by the Yahoo! ID I had selected so I created a new account with a more grown up ID. After a short migration period I deleted my old Yahoo! ID and continued on happily.
The first time I realized there was a problem was one day when I noticed that I received two reminders for a birthday and then two more again. I took a look at the emails and noticed that the extras were coming from my old account that I had deleted. Immediately I went to go and delete all reoccurring events in my old calendar but of course since I deleted it Yahoo! would not let me login anymore. I contacted Yahoo! support several times over the next few months trying in vain to get the extra reminders to stop. I received some generic responses that looked as if the support person noticed the word ‘Calendar’ and sent me a form response but no luck.
Yesterday I thought of a new thing to try “Hmm… I wonder what would happen if I signed up for ‘hitman200ca’ again?”. After a couple minutes and an activation email I logged into Yahoo! Calendar and lo and behold my reoccurring reminders were still there. I was so pleased with myself I immediately deleted the events and then deleted the account again.
But wait, what if someone other than me signed up for ‘hitman200ca’? I’ll bet you can guess! I looked through the documentation on the pages when I deleted my account and it certainly said Calendar was among the things deleted. Also it was much longer than 90 days between the time I deleted the old account and the time I noticed the extra reminders (GMail conversation threading, didn’t notice the (2)). I hope my experience was an isolated incident but I doubt it was.
As for me, I am starting to migrate my calendar entries into Google Calendar so I can get away from Yahoo!. Although I’m sure that nobody over there cares much, oh well.
Learning PHP
Recently I have been learning the basics of PHP with regards to web applications. So far I have touched on MySQL queries, login/password storage and forms authentication, sessions and authenticated user session security.
I am working on a personal project called bookkeeper which is a database for the books that I have read and what I thought of them. It started a ways back as an excel spreadsheet then evolved into an access database and then into a web application in php/mysql. My intention is to eventually make it so others can also use bookkeeper, but that isn’t going to be for a while.
Password storage was the first thing to tackle and turned out to be pretty simple. Storing passwords that have passed through the SHA-1 algorithm is the standard practice but has certain security issues. An improvement suggested is to create a unique random string per user to add to the password before hashing it. This reduces the ability to perform dictionary attacks on the hashed passwords. The random unique string is called a salt value and is stored alongside the final hashed password in the database for later comparison. I use an MD5 hash of a number from rand() cut down to twenty characters.
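An added example, not code from the original post: the salted SHA-1 scheme described above next to PHP's built-in password_hash() API, with a login path that upgrades old rows once the correct password is seen. The $user array layout and the salt-then-password order are assumptions made for illustration.

```php
<?php
// Added example, not code from the post. The $user array layout is hypothetical.

// The scheme as the post describes it: a 20-character salt cut from
// md5(rand()), then SHA-1 over salt + password (the order is an assumption).
// rand() is not a cryptographic generator and SHA-1 is fast to compute,
// so guessing against a leaked table of these hashes is cheap.
function legacy_make(string $password): array {
    $salt = substr(md5((string) rand()), 0, 20);
    return ['salt' => $salt, 'hash' => sha1($salt . $password)];
}

function legacy_verify(array $user, string $password): bool {
    // hash_equals() compares in constant time, unlike ==.
    return hash_equals($user['hash'], sha1($user['salt'] . $password));
}

// password_hash() draws its own salt from the system CSPRNG, uses a
// deliberately slow algorithm, and stores salt and cost inside the hash string.
function modern_make(string $password): array {
    return ['salt' => null, 'hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Verify against whichever format the row holds; upgrade it on success.
function login(array &$user, string $password): bool {
    if ($user['salt'] !== null) {                  // row still in the old format
        if (!legacy_verify($user, $password)) {
            return false;
        }
        $user = modern_make($password);            // re-hash while the plaintext is at hand
        return true;
    }
    if (!password_verify($password, $user['hash'])) {
        return false;
    }
    if (password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
        $user = modern_make($password);            // cost or algorithm default has moved on
    }
    return true;
}

// Constructed sample data: one account created under the old scheme.
$user = legacy_make('correct horse battery');
$results = [
    'wrong_password'  => login($user, 'guess'),
    'first_login'     => login($user, 'correct horse battery'),
    'row_upgraded'    => $user['salt'] === null,
    'login_after_upg' => login($user, 'correct horse battery'),
];
echo json_encode($results, JSON_PRETTY_PRINT), "\n";
```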
The next issue was session handling and security for the rest of the pages protected by the login page. The standard seems to be to use session_start() which by default generates a cookie containing a session id which you can check at the start of each script page and redirect to the login. So if you are like me you immediately think, ‘what about malicious users?’. Session hijacking in the default scenario seems very easy to me so some precautions are a good idea.
- Make sure to call session_regenerate_id() after every user login so that the old session id is discarded. This will prevent a user from changing the session id cookie to look at another user’s information after logging in normally.
- Don’t trust that the session id stored in the cookie is valid. After the user login store the new session id in the database to be checked at the top of every page before the rest of the session information is trusted. This will prevent a user from changing their session id to become another user while logged in.
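The two precautions above as an added example, not code from the original post: the session id is regenerated at login and recorded server-side, and every page checks the cookie's id against that record before trusting $_SESSION. The $db array stands in for a users table, and the cookie flags and strict mode are additions assumed here rather than taken from the post.

```php
<?php
// Added example, not code from the post. $db is a hypothetical stand-in for a
// users table; nothing is printed until the end so it also runs from the CLI.
ini_set('session.use_strict_mode', '1');     // refuse ids the server never issued
ini_set('session.use_only_cookies', '1');    // never accept an id from the URL
session_set_cookie_params([
    'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
]);
session_start();

$db = [42 => ['name' => 'alice', 'session_id' => null]];   // constructed sample row

// First bullet: discard the pre-login id. Second bullet: record the new one.
function on_login(array &$db, int $userId): void {
    session_regenerate_id(true);             // true also deletes the old session data
    $_SESSION = ['user_id' => $userId];
    $db[$userId]['session_id'] = session_id();
}

// Call at the top of every protected page; null means redirect to the login.
function current_user(array $db): ?int {
    $uid = $_SESSION['user_id'] ?? null;
    if ($uid === null || !isset($db[$uid]['session_id'])) {
        return null;
    }
    return hash_equals($db[$uid]['session_id'], session_id()) ? $uid : null;
}

function on_logout(array &$db): void {
    $uid = $_SESSION['user_id'] ?? null;
    if ($uid !== null) {
        $db[$uid]['session_id'] = null;      // the server-side record goes first
    }
    $_SESSION = [];
    session_destroy();
}

$results = ['before_login' => current_user($db)];
$preLoginId = session_id();
on_login($db, 42);
$results['id_changed_at_login'] = ($preLoginId !== session_id());
$results['after_login'] = current_user($db);

// Constructed mismatch: the table holds a different id than the cookie presents.
$recorded = $db[42]['session_id'];
$db[42]['session_id'] = 'constructed-other-session-id';
$results['mismatched_id'] = current_user($db);
$db[42]['session_id'] = $recorded;

on_logout($db);
$results['after_logout'] = current_user($db);
echo json_encode($results, JSON_PRETTY_PRINT), "\n";
```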
That is all I have so far. I would really love to hear how others do this stuff and if there are some issues I haven’t mentioned here that are important to remember. Please send in all your paranoid security methods.
As a side note I am very curious about what web platform and server languages Google uses to write all its applications such as search, gmail, google maps, etc. Currently I assume it is CGI with the back end written in a C-like language or something home-brewed.
Shaving
I hate shaving.
Most people who know me probably think of me with some level of scruff on my face. Generally I only shave once a week or so and I am happy with that. For the most part my issue is that I have really sensitive skin and always have razor burn after shaving. Whatever, I’m used to it.
When I first started shaving it was with the cheap BiC blades but it didn’t matter because I really wasn’t actually shaving anything. My parents then bought me a philishave electric razor for Christmas and I used that for a couple years until I discovered that I preferred the closeness of a blade razor. The razor I stuck with for a long time was a Gillette Mach 3 razor and it served me well. They are easy to clean, give a close shave and don’t cost any more than the other premium blade razors. I’ve never used the one with the battery so I can’t comment on that but the turbo has the micro fins that I like.
Not too long ago I decided to give another razor a chance so I opted to throw out my really old original Mach 3 base and buy a Schick Quattro Pro. The main difference is the four blades but after using it for a while (and hating it) I found a few more. The razor has wire guards over the blades that reduce the closeness of the shave. On the back of the head there are a lot of parts that get in the way of cleaning the blades. I found the blades constantly gumming up during a shave which changed the angle of the blades and made the shave uncomfortable. I believe this would not be a problem for someone who shaves everyday.
I received a free sample of the new Gillette Fusion razor and so far I am loving it. This is the newest on the market and has five blades. Ya I know, I know. It really does play into the Saturday Night Live skit that aired quite a few years ago, where will they stop? However all joking aside this razor works really well. The five blades are much smaller and closer together providing a great shave without any extra irritation. The head has no junk on the back so it is easy to clean except for the one issue I have noticed so far with the trimmer. There is an extra blade on the top of the head but it is too enclosed and the hair becomes lodged inside.
Let me know what solutions you have for the shaving problem :o)
Graphics Section
I just finished up the graphics section that I added a link to a couple weeks back. It contains tutorials in PowerPoint form, supporting example code and a section of links relevant to OpenGL programming. This stuff was all originally created for a fourth year graphics course that I was a teacher’s assistant for at Guelph. It’s a pretty rough crash course on OpenGL programming that starts really basic and ends quite advanced. I had a pretty good time putting it all together and researching the more advanced techniques, it also allowed me to really explore the basics of OpenGL that I had missed when starting.
Please let me know what you think of the stuff so I can make it more useful. Also I would like to know if there are any topics that you would like covered or covered in more detail. My plan is to integrate my graphics blog posts and examples into this section so they are easier to navigate.
For now enjoy :o)