Sucky Halloween

Somehow, I get the feeling that people are not doing much for Halloween
in Brossard (the municipality where I live) this year. I don’t see
pumpkins or decorations and there’s a general lack of atmosphere for
trick-or-treating. Maybe is it because of the gasoline price hike? Is
the gas so expensive that people either have no money to spare for
candies and such or are simply not in the mood to do anything about
Halloween?

Heck, even this year’s Halloween event on the US Lineage servers sucks,
according to many. I, however, managed to do my dark elf’s level-45
quest (without a ring of fire, may I add). I love the shadow boots and
Uncanny Dodge.

- SwordAngel

Bored…

I got too bored while writing an essay, so I went outside to take pictures of the sunset as seen from my front yard.

This is Montreal, Quebec, Canada. The pictures are taken at 18:30 and
the temperature outside is freaking 6.3 degrees Celsius (or 43.34
degrees Fahrenheit). Indeed, this is the best time of the year to just
stay indoor and make some adena… I mean… study.

- SwordAngel

The Slayer

I’m back to the game! w00t!

Notice how 1337 this screenshot is.

- SwordAngel

I hate Java

What kind of gay design is this?
public class A
{
    String foo;
    A()
    {
       foo = “A”;
    }
    String getFoo()
    {
       return foo;
    }
}

public class B extends A
{
    String foo;
    B()
    {
       super();
       foo = “B”;
    }
    String getFoo()
    {
       return foo;
    }
}

// Now some code in main()…
public void main()
{
    A bar = new B();
    System.Console.Writeline(bar.getFoo());
}

The above code compiles and executes but the resolution of getFoo() and foo
is simply stupid and annoying. I would have thought the designers are
smart enough to simply make re-declaration of fields illegal OR to
allow them to be dynamic instead of being static-only. Even worse is that fact that the static keyword is optional in this case (to mean whether the field belongs to the class or to the instances of the class).

Thanks to Skrud for this quote (not in his exact words):

“When they made Java, they ignored 25 years of research in the field
of programming language design and just threw it out the window.” – Dr.
Grogono

- SwordAngel

Security Alert – Category: Identity Theft

It has been brought
to my attention that there now exist certain websites that claim to
check if your instant messaging buddies (on MSN Messenger, ICQ, Yahoo!,
or other similar services) have blocked you, put you on an ignore list,
or altogether deleted you from their contact list.

Things to keep in mind:

• These websites are usually not official, in that they are neither
  operated nor endorsed by the company providing the instant messaging
  service.
• These websites also typically require you to submit your
  log-in information (username and password) so they can perform an
  automated check on your contact list.
• To assure you, these websites include a statement on their
  website that the log-in information is not disclosed to a third party
  and is immediately removed from their computer after the automated
  check.

My advice: Don’t
trust them! Don’t give out your log-in information to a total stranger!
If you have already given out your log-in information this way, change
your password immediately!

Reasons:

• Often, your log-in information also gives access to your e-mail
  account, not only to your instant messaging contact list, as is the
  case with MSN Messenger and Yahoo!. This implies several things:

• They can pretend to be you and spam the people on your contact list and in your address book.
• If your e-mail account contains sensitive information such as
  e-mail messages with log-in information to other services (e.g. online
  banking, credit card number, eBay/PayPal account information), you are
  in deep trouble.

• Bad guys typically tell you they won’t do bad things to you.
• The communication with those websites is usually not secure.
  In other words, somebody else (not the website) with enough motivation
  and technical skill can eavesdrop on you and get your account
  information. So if anything bad happens to you, the website can easily
  claim innocence by saying that it must be some other bad guy who
  eavesdropped on the conversation.
• The websites typically do not contain enough information for
  you to physically contact them (i.e. company name, business
  registration number, mail address, with street number, street name,
  city, state or province, country, zip/postal code). So if anything bad
  happens to you, you’ll have a hard time looking for them in order to
  sue them. It is possible, however, to retrieve this information through
  your country’s official Internet domain name registration body, but it
  is a relatively unknown and technical method/process. Even if at the
  end, you do find their physical mail address or business registration
  number, the damage is done and you probably want to avoid that.

- SwordAngel

Programming vs Coding

Few of us have thought about the difference between programming and
coding. Here’s an interesting quote that I spotted on the homepage of NoMorePasting.com:
“As a programming teacher, one thing does irritate me:
the persistent misuse of the word “programming” when the author
means coding. Programming is creating the logic, coding is translating
that logic into
code. Many students
come into class able to code, but almost none come in able to program — that
is, create the logic. They think sitting down and making spaghetti code is
programming.” - Tom Fordham

- SwordAngel

Surf smartly.

I’m sure many of you have had experience surfing secure websites (basically, whenever you see a picture of a closed padlock at the bottom of your browser). E-commerce websites are typically “secure”. However, some of you probably don’t know what the word “secure” means in this context and get a false sense of security when you see the little picture of a closed padlock. So I’ll provide some clarifications here (particularly to those who have not taken an information system security course).

There are two major kinds of security on the Internet:

1. Secure communication: this means that whatever conversation between you and the website is encrypted, making the conversation a secret that only you and the website know. It is thus extremely hard for a third party who eavesdrops on you to find out what the two of you said.
   
2. Secure identity: also known as authentication; this means that you may trust the website to be the real one, and not some imposter.
   

The biggest problem is with the second kind of security, authentication. Authentication is typically done through digital certificates. Here’s a metaphor of how it works. You talk to some person A. That person A claims to be Tom, and he shows you his ID card (which is the real-life counterpart of the digital certificate). Normally, the ID card is issued by a major authority (i.e. the government) whom you know will not fool you as far as identities are concerned. So you can ask the authority to verify the ID card and see if it’s the real thing. Now imagine if, instead, “Tom” gives you an ID card issued by himself or by some Joe Blow that you don’t know (“Hi, my name is Tom. And here’s an ID card that proves I’m Tom. I issued it myself, but that’s ok… Trust me.” ). That ID card is probably quite meaningless, right? The same thing applies on the Internet. There are authorities in matters of identities, which are security companies like VeriSign, and your browser keeps a list of them. Normally, if a website needs to convince you that it is the real website, it gives you a certificate signed by, say, VeriSign, and so your browser can take that certificate and check with VeriSign. The doubtful case would be if a website gives you a certificate signed by the website itself or by a third-party website that the browser does not know about. In that case, your web browser will probably ask you whether or not you want to accept the certificate as real (hence also accepting the website as the real one), and you should take a good look at the certificate before deciding. Pay close attention to who is signing the certificate; if it is by the website itself, then it is probably not trustworthy. If it is by a third party website, see if the website is a major certificate authority like VeriSign. For a list of certificate authorities, click here.

Now why does the little picture of a closed padlock create a false sense of security? It is because that little picture does not always mean secure identity. It may simply mean secure communication. In other words, it means that you may be having a conversation in secret with somebody, but you don’t know if that somebody is the real person (good guy), or some imposter (bad guy). Imagine the disaster that ensues if you are giving out important information about your bank account or your credit card number this way.

Read more about it here.

- SwordAngel