Sorry for the lack of updates. I’ve only had a few things to write about lately…but not enough motivation to actually write them.
Had a good, busy weekend. Wasn’t able to do too much that I wanted….stuff for me.
I’ve had this website that I’m supposed to build for Z’s parents…
It wasn’t difficult to build, but kinda difficult to design without any design assets. Made the background (and that pattern is very much not the kind of design I regularly do) and the logo from scratch. The shape of the logo is off the sign, from google maps images :P
This week is a short work week for me. I’m going to Montreal with 10 or so of my friends for a bachelor party. Leaving Friday morn, expected to return Sunday by noon. I have Thurs and Monday off but those will probably be errand and recovery days, respectively.
That brings us to May 17. Starting May 17, I have a big project at work, and people actually under me. My big chance to be a project and team lead. That’ll be new and interesting. Except I didn’t mean interesting, I meant tedious. I’m not good with people under me, asking me questions frequently. Because when I can’t get my work done, it starts to get annoying….and then I lash out at them.
May 26 is my birthday, May 28 is my friend’s wedding…and Anime North is May 27-29 but I don’t think I’ll be attending. Well, still considering it…hard to justify going if I don’t want to buy anything as I’ve been online shopping and preordering like mad lately. I’m totally on top of my game with what I wanna buy and what’s coming to me, a convention would simply be impulsive buys…probably not anything I could afford right now.
Anyways, that brings us to the end of May.
To be honest, while I want to play Zelda: Majora’s Mask or Kingdom Hearts (my 2 gamer sources both telling me to play one game before the other, I don’t know what to do!), I haven’t wanted to while I’m busy and can’t finish the game in say, a week or 2 weeks. So I might wait until June to start one of them. Leaning towards Majora’s Mask simply because I still feel like I’m in the Zelda world. I would still recognize the characters, and the type of game play. And for Kingdom Hearts, there are a bunch of Disney movies I want to watch before hand. Both Alice in Wonderlands, maybe Tarzan again…who knows. On the other hand, I also want to play Kingdom Hearts more than Majora’s Mask…so playing MM might just be to ‘get it over with’.
Anyways…just wanted to drop in. Haven’t written anything for 6? days now…that’s gotta be some kinda record! Didn’t have much to say but just wanted something fresh on my homepage!
The recent PSN (Playstation Network) and SOE (Sony Online Entertainment) hacks have been bad. Bad for the average user that uses these things (me), very bad for the users that have purchased things over these channels (me), and very very bad for Sony. But I have little sympathy for them as creating something to hold this information needs the support and security around it to prevent that kind of stuff. While PSN isn’t a paid service (and thus, not directly revenue generating, as opposed to say, XBOX LIVE), I would imagine that they should definitely have had the financial means and resources to prevent against whatever security hole was used.
That said, I work for a large corporation and while we have group(s) dedicated to security, I don’t know how they would fare to the creative hacker. In a recent discussion with a security minded person, he recently told me that he teaches people to hack. My original thought was “as a security expert, why teach people to hack? It seems to enforce what you’re trying to prevent.” but the answer was quite obvious. He said “by teaching how to hack, it helps a developer to develop more secure code”. Duh. Now, I’ve never been one to hack. I mean, truly hack. I can do some creative things with my given skills but I’m not one who knows about <insert what I don’t know about hacking keywords>. I know how SQL Injection works…and thus, I know to code to prevent that type of exploitation. But I don’t know how <hacking method x> works, and thus, can’t code against it.
I’m always up for learning new things, and learning how to hack better is definitely something new on my list. Not to do something malicious, heavens no!. But to become a better developer. Now is a good a time as any to take the first steps towards learning something new.
Anyways, the intention of this post was to discuss passwords. Given the recent exploitation, I’ve been forced to re-evaluate all my passwords. Granted, I’ve been meaning to do this for a while, but this actually gave me a pretty good excuse. While it’s a security risk introducing the following topics, I’ll try to stay vague and not give anything away that could potentially hack me.
I’ve finally made different passwords for everything. I’ve always avoided this because of the obvious limitations to my memory. I used to have about….5-10 passwords which I used for everything. They varied from “password” to “I don’t care if this gets hacked” to “This is my godly, unbreakable password!” but as I sign up for stuff, reusing certain passwords, the passwords blurred. I had “I don’t care if this gets hacked” passwords for important stuff, and “This is my godly, unbreakable password!” for unimportant stuff. This has become a problem.
Up until recently, there was something I hadn’t considered regarding the security around signing up for things. When I would sign up for stuff, I would submit my email, my username, and a desired password. To keep things simple, my desired password would often be my email password. What a ridiculously stupid oversight. Generally, when you sign up to sites, you think they have a secure system. You hope they do. Password hashcodes, security precaution x and y. But what if they didn’t? As the user, you’re no wiser to their infrastructure or security. Suppose they simply had a table with
EMAIL
Username
Password
warren.shea [ a t ] gmail.com
warrenshea
password
and what if the system admin or whoever, just viewed the table and BAM!, gets the email and a password. Granted, it’s the email, username and password for the site they’re the admin of. But technically, that person could try that combination of email and password to “hack” in to the email account. Now, I don’t know what the percentage of people that do this is…but I’m fairly paranoid and even I did it. Granted, I’m quite stupid as well…so it’s hard to say. Still, I imagine that you could probably hack in to 10-20% of the emails….and that’s a lower estimate. I would guess you’d get in to 80% of them. People just can’t remember that many passwords so they reuse them. Again, it wasn’t too much of an issue as I would sign up for stuff with my “bad password” while my email had my “good password” but again, sometimes I’d get stupid or careless.
There’s also the problem that my “This is my godly, unbreakable password!” has certain characters that aren’t allowed by sites. A good site will allow dIFFerEnT cAseS, NUMB345, and C#@RACTERS. But some don’t. And I have to use “I don’t care if this gets hacked” passwords for important stuff….because the system won’t allow a good, secure password. In 2004, I actually had an email rant to Rogers because I couldn’t change my password to the one I wanted….they wouldn’t allow special C#@RACTERS. Sh!tty system.
.
.
.
Anyways, that’s gone now. I’ve modified all my passwords to be something different for each and every thing. Getting “PASSWORD A” will not give you any other access except to “SECTION A”. And that’s how it should be, I’ve just been too lazy to realize and change things. But improving your own security is the first step to becoming secure yourself. Better to fix things like this early than get hacked somewhere down the line for signing up with “I just wanted to download this one thing!” site….but obviously you wouldn’t know which site hacked you because you’re a password reusing fool, so it could be a number of them. Also, you’d have more important problems to deal with…figuring out how to fix things rather than figuring out why you were hacked and who did it.
Now, please watch this informative video on safety best practices.
GUILTY GEAR XX – Dizzy – Alter $155.98 – Price I Paid (total) Pre-orderered Feb 22, 2011 Ordered April 30, 2011 Release Date Apr 2011 Purchased at Kid Nemo
Kotobukiya DC Comics: Catwoman Bishoujo Statue $65.78 – Price I Paid (total) Pre-orderered Feb 22, 2011 Received Apr 4, 2011 Purchased at The Big Bad Toy Store
Notes
One of my better months…not only did I finish a game in which I’d been wanting to play for over a year, but I also did some major updates on warrenshea.com. The only thing that’s missing is some .NET and maybe some reading for some books….
What I want to accomplish in May
Shows / Movies
House (entire series) – In progress – S04E08 and catching up…
Neon Genesis Evangelion (entire series) – In progress – Regular Series, D&R and EOE finished….just have REBUILD left 2/4 movies!
Books & Manga
Azumanga Daioh – To Do
warrenshea.com
Clean up my code a bit
Fix Old Themes
Gaming
Either
– Finish Zelda: Majora’s Mask (N64) – To Do (after House)
or
– Finish Kingdom Hearts (PS2) – To Do (after House)
Web Development and Design
Start Smashing Magazine Book 1
Start Smashing Magazine Book 2
Start ASP.NET 4.0 book
Start my HTML5 book
Other
Learn my Mac OS
Notes
I wouldn’t be surprised if I accomplish very little this month. I’ve got a weekend bachelor party and a wedding….and my birthday….and a whole lotta work….this might be one of my busiest months but I also need to stay healthy and energized, despite recent allergies making me ridiculously tired all the time…anyways, we’ll see how it plays out. I’ll be happy if I can finish a game by end of the month
