Edel Grace

Programmer, Developer, Enthusiast

Technology

I Bought a New Laptop

Mar 17, 2017

My SO and I have been playing an MMO called Blade and Soul recently. We were optimistic about it running on my laptop because the requirements didn’t seem too intensive and it even supported Windows 7.

It would crash at every single loading screen. Playing on the lowest settings in an 800×600 window lowered the number of crashes greatly but the loading times were still absolutely ridiculous. I even managed to finish crocheting a bag while waiting for the game to load.

Every time the game would crash or I was doing something and mentioned my laptop being slow, my SO would ask me, “When are you going to get a new laptop?” I waffled a little bit on the subject. Gaming laptops cost quite a lot. However, it’s still an investment. I imagined doing multitasking on a new laptop. I could run a VM, Visual Studio, a web browser, and maybe even a game at the same time.

My SO and I spent a couple of weeks looking at laptops and even PC builds. Obviously, I opted out of the PC build. I do want to build my own PC one day but my space is limited and funds are low. When I move out and have a stable job, that’s when I’ll take the time to build my own PC. For now, I’m settling for a laptop.

This laptop was $100 or so discounted. It still cost around $1.3k, $1.5k including warranty (in my opinion, you’d be crazy to buy something so expensive without warranty). I think it’s a pretty good price for what I got.

The main (and pretty much only) criterion we were looking for was a good graphics card. I suggested laptops from the GTX 900 series as they were cheaper but in the end, the laptop I got had a GTX 1000 series graphics card. There were other things we looked at as well, like having up-to-date Bluetooth, an appropriate number of USB ports, and a good size that wouldn’t be too heavy for me.

Eventually, I decided on Asus ROG STRIX GL553VD. The 16GB RAM was an added bonus for me. It was $70 over my budget of $1.2k but it was worth the extra RAM.

I put in an order on Memory Express and picked it up the next day! There was a bit of a complication. My bank has a limit on the amount you can spend on one purchase so I had to call the bank to fix it. I also had to run back to work with a very heavy box since that took longer than I thought and I picked it up during my lunch break.

After work, I went over to my SO’s place and I set up the laptop. We oohed and aahed over the shiny laptop. So far, I’m pretty happy with it!

Virtual Reality is the Future?

Feb 16, 2017

Last weekend my SO and I found ourselves at the mall. He needed to buy hand cream for his climber hands and I was there along for the ride and to possibly look for Valentine’s Day chocolate (no, I did not find any chocolate). We decided to stop at the Microsoft Store and try the Vive demo.

It was super cool.

I got the chance to play Job Simulator and a couple of other games. The experience was kind of surreal. It was definitely everything I expected it to be. I did not anticipate the binaural sound, which was a pleasant surprise. It was a shame I only got 15 minutes to play around with it.

The price point is a little ridiculous although understandable for “cutting edge” technology. I can’t wait for virtual reality to become more accessible to the general public.

Games seem like the most probable use case but I’d also love to see it for virtual training, video calls, exploring, etc. Working from home seems kinda fun too. There’s probably a lot more uses for virtual reality that we haven’t thought of yet but the prospect is exciting. Can it be the future already?

LFTP Fatal Error: Certificate verification

Oct 11, 2016

The error:

~$ git-ftp pull
~$ cd: Fatal error: Certificate verification: certificate common name doesn’t match requested host name ‘ftp.mazohyst.org’
~$ mirror: Fatal error: Certificate verification: certificate common name doesn’t match requested host name ‘ftp.mazohyst.org’

Solution:

Edit ~/.lftp/rc so that it contains set ssl:check-hostname no. What this does is pretty self-explanatory: lftp no longer checks whether the hostname in the server’s certificate matches the hostname you’re attempting to connect to, so a mismatch no longer stops the connection. The trade-off is that lftp will then accept a certificate issued for any name.
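What the hostname check compares, and what switching it off accepts, as an added example that is not from the original post: a simplified Python model of the check, not lftp's own code. The certificate names are constructed, and the idea that the shared host presents a certificate issued for the provider's own server name is an assumption made for illustration.

```python
# Simplified model of the check that `set ssl:check-hostname no` turns off.
# Not lftp's code; every certificate name below is constructed.

def name_matches(pattern, host):
    """Compare one certificate name with the requested host name.
    A '*' counts only as the whole left-most label and never spans a dot."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.example".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """subjectAltName entries win; the common name is only a fallback."""
    return cert.get("san") or [cert["cn"]]

def connection_allowed(cert, host, check_hostname=True):
    """The certificate is assumed to have passed chain validation already;
    this models only the name comparison."""
    if not check_hostname:
        return True  # any certificate name is accepted
    return any(name_matches(n, host) for n in cert_names(cert))

# Constructed: a certificate issued to the hosting provider, not the customer.
PROVIDER_CERT = {
    "cn": "*.hosting-provider.example",
    "san": ["*.hosting-provider.example", "hosting-provider.example"],
}
# Constructed: a certificate for some unrelated name, with no SAN entries.
UNRELATED_CERT = {"cn": "unrelated.example", "san": []}

if __name__ == "__main__":
    for host in ("ftp.mazohyst.org", "server12.hosting-provider.example"):
        print(host, connection_allowed(PROVIDER_CERT, host))
    print("check off:",
          connection_allowed(UNRELATED_CERT, "ftp.mazohyst.org", False))
```

Under that assumption, connecting by the name that is actually on the certificate passes the check without changing any setting, while disabling the check makes the unrelated certificate pass as well.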

The context:

I recently wanted to implement version control for my websites because all too often I think to myself, “I wish I knew what a previous version of this file looked like”. So since I’m on shared hosting and don’t have my own server, I resorted to using git-ftp for deploying my websites. So far, it’s working great. However, I momentarily forgot I started using this and made some changes on one of my pages through cPanel. I tried pulling the latest pages using git-ftp pull and encountered this error.

Sources:

Speaking of Security

Jun 7, 2016

My last post was about security by obscurity and I talked a little about trying to implement security techniques into my projects. This is really great timing.

Last week, various online services run by my university were down. It was really inconvenient not having access to my e-mail but I took it in stride. I figured it was just the servers acting up or malware or something like that. It turns out that my university was dealing with a ransomware attack. I was half right. Ransomware is malware that basically holds a system hostage until a ransom is paid. My university gave in to it and paid $20 000 to get the systems back.

Honestly, it seems to me like paying the ransom was the smart choice. Thousands of users were affected by this attack and it’s probably costing them a lot more not having their systems than to pay the money. It’s probably the easiest route. I haven’t done much research on it but apparently the FBI recommends this. It’s better if you don’t pay the ransom but if you’re not tech savvy or the stakes are too high (but not like top secret government stakes), it’s probably a good idea.

Also, personal anecdote. I’ve had an instance of “ransomware.” It was more like adware ransomware. I was browsing around and all of a sudden my screen flashed and accused me of a crime and asked me to pay a fine. I read through it several times and I froze a bit. I was innocent of the crime (of course) but I was worried that maybe it was something that could easily look like I committed it (think like authors who joke about being on some kind of list for researching murder methods for a book). But I calmly opened up my phone and looked up the message. Common ransomware. So I safely ignored it. Thank goodness because the amount they were asking was easily ten times more than what’s in my bank account.

Security By Obscurity: Just Hide It?

Jun 7, 2016

Last semester I took an introductory course to information security. One of the concepts we touched on was “security by obscurity.” Basically what that means is if no one is aware of something, they can’t possibly break into it. For example, hiding your diary is a form of security by obscurity. Of course, this has its flaws. There is always the possibility that someone could somehow stumble upon your diary by accident. There might be people actively looking for something valuable to you but they won’t know what it is until they find it. Notice I didn’t mention “if” they find it. It’s always a good practice to assume that they will find it. This is one of the reasons why security by obscurity is not ideal.

Truth be told, I use security by obscurity. The diary analogy I used was something that I actually do. Now, my mom loves to poke around and I still live with her. She has read my diaries in the past so it’s not far-fetched that she would find my diary one day and read it. This is why I don’t use it as my only form of security. My journal entries are either about really mundane stuff or encrypted with Elian script. So unless my mother is good at cracking ciphers (which I highly doubt as English is her second language and frequency analysis is probably lost on her), I can safely assume that my secrets are safe with me.

The reason why I suddenly started thinking about this is because I have a project that I’ve been working on. I’ve been trying to build a book management script. Right now I’m just finishing up simple features for the admin panel such as tagging a book, adding a review to a book, editing author names, etc. All of this is currently in a folder with an obscure name. At first I thought that if my admin folder wasn’t named something obvious like “admin,” I would be less likely to have a security breach. Who would want to hack my tiny and unpopular websites anyway? Then I realized, wait, that’s a really bad idea.

Curious, I looked up if there was a way to discover folders that were not explicitly linked publicly. I was not surprised when I saw that such a way does indeed exist. In fact, there are several ways (or programs) to do this. Software like URL Fuzzer and DirBuster utilize a method called fuzzing. In my introductory class, we would classify this as a brute force method. What fuzzing does is try any possible number of combinations in order to find a weakness. In this case, it tries to find out if a folder exists. Specifically, DirBuster goes through a list of words (have not checked if it includes random strings or just common words) and appends them to a URL. Depending on the HTTP status code (things like 404 not found or 403 forbidden), it can determine if a folder exists on the website or not.

So, knowing this, I could still use security by obscurity. However, like my diary, I plan to implement other layers of security. Whether or not it will increase security or just give it security it didn’t have in the first place, I’m not sure (entropy wasn’t my strong point in my information security course). But I am sure that leaving it as a randomly named folder is not the way to go. I know how to do simple PHP sessions with a login but only with matching the submitted password with a plaintext password in a database. That’s a whole other realm of security issues so I’m going to start reading up on hashing passwords in PHP. I’ve poked around some open source scripts and have found MD5 hash functions so that’s probably what I’m aiming for. Honestly, I’m not well-versed in web security specifically (other than SQL injections are bad and you have to sanitize them) but that’s why I’m still learning.

So the next time you think you’re just going to hide something and think you’ll be fine, you probably will be but it’s better if you combine it with some other security technique especially if it contains sensitive information.
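Seen from the server side, the folder enumeration described above shows up as one client collecting 404s for many different paths. The following added example (not from the original post) flags that pattern in an access log and lists the paths that were answered with something other than 404. The log lines are constructed and the thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines in Common Log Format (documentation-range
# addresses, invented paths).
SAMPLE_LOG = """\
203.0.113.9 - - [07/Jun/2016:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 209
203.0.113.9 - - [07/Jun/2016:10:00:01 +0000] "GET /backup/ HTTP/1.1" 404 209
203.0.113.9 - - [07/Jun/2016:10:00:02 +0000] "GET /cgi-bin/ HTTP/1.1" 403 215
203.0.113.9 - - [07/Jun/2016:10:00:02 +0000] "GET /old/ HTTP/1.1" 404 209
203.0.113.9 - - [07/Jun/2016:10:00:03 +0000] "GET /private/ HTTP/1.1" 404 209
203.0.113.9 - - [07/Jun/2016:10:00:03 +0000] "GET /test/ HTTP/1.1" 404 209
198.51.100.4 - - [07/Jun/2016:10:01:10 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.4 - - [07/Jun/2016:10:01:11 +0000] "GET /favicon.ico HTTP/1.1" 404 209
198.51.100.4 - - [07/Jun/2016:10:01:15 +0000] "GET /index.php HTTP/1.1" 200 4096
"""

LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def find_enumeration(log_text, min_misses=5, min_miss_ratio=0.8):
    """Return {client: {"misses": n, "answered": [paths]}} for clients whose
    traffic is dominated by requests for paths that do not exist."""
    seen = defaultdict(
        lambda: {"total": 0, "missing": set(), "answered": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, path, status = m.group(1), m.group(2), int(m.group(3))
        rec = seen[client]
        rec["total"] += 1
        # 404 means "no such path"; anything else (200, 403, ...) tells the
        # requester that the path exists.
        (rec["missing"] if status == 404 else rec["answered"]).add(path)
    flagged = {}
    for client, rec in seen.items():
        misses = len(rec["missing"])
        if misses >= min_misses and misses / rec["total"] >= min_miss_ratio:
            flagged[client] = {"misses": misses,
                               "answered": sorted(rec["answered"])}
    return flagged

if __name__ == "__main__":
    for client, info in find_enumeration(SAMPLE_LOG).items():
        print(client, info)
```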

About

My name is Edel Grace Altares. My programming interests include full stack development and back end development. My languages of choice are Python and Java. Outside of programming I enjoy crocheting, video games, cats, historical fiction, and reading.
