Saturday, November 19, 2016

Vacation plan ✈️

Very good news for all of us: vacation is coming 🤓 But in order to make the vacation meaningful, I would like to enhance my knowledge besides simply running the "eat, play, sleep" loop.

The first thing I would like to do is to learn Swift properly. Though I have gained some knowledge of Swift from my teammates, who are Swift pros, in the final project, I still lack a solid basis in the language and iOS development (my teammates tanked all the basic setup). After an exciting semester with 3216, I would definitely like to take its twin module 3217, and some knowledge of Swift would help me focus more on the design and soft skills in 3217, instead of struggling with the coding part.

Secondly, similar to Swift, although I used NodeJS for 2 of my projects, I still want to learn more about Javascript. I read an article saying that in 2016, Javascript has been enhanced with new frameworks and libraries which make it very different from the age of jQuery. It would be interesting to find out more about it.

Moreover, as mentioned in my previous blogs, I developed an interest in computer security and I have bought a book on web security for noobs. Hopefully I will finish it in the first 2 weeks, then I will come back to tell you whether computer security is still appealing to me 😂

Last but not least, I need to review my algorithms in order to be prepared for interviews next semester ><

It seems like I won't have enough time to finish all of this unless I upgrade myself to a "vacation-efficient" version. It is always fun to challenge myself so let's try 💪

At the end of CS3216

At the end of CS3216, did I achieve what I hoped to learn at the beginning of the semester? In my very first blog, I listed 4 skills that I would like to learn in CS3216, namely project management, time management, working with people, and hardcore coding.

For the first two soft skills, considering the heavy workload, we are somewhat forced to schedule our tasks well and work efficiently in order to save time for other modules and sleep (Sorry guys I know we are not supposed to take other modules or sleep during 3216 😳). As for working with people, I really enjoy working with all my 4 teams and I truly admire them. They are all very nice people with strong technical and soft skills. Just by reading their code and watching their presentations I can make great improvement. Just some quick examples: Jinghan is a godlike iOS developer, Jiang Sheng is so pro at backend and server management, 💡has a great sense of art, Melvin can always spot what is wrong with an idea, Zhi An is such a confident presenter. There is much more to list. Among all the strengths of my friends that I observed, if I manage to master some of them myself, I guess I will be able to push myself to a new level. Another very specific lesson I learnt from my final project teammates is that, in order to have buffer time to do testing / submit for review / prepare for Steps, we really need to work very very hard from the beginning. In other words, NEVER procrastinate. I guess that is part of the reason why they are so professional. Last but not least, like many of us, I enhanced my coding skills during the semester. I have learnt new skills like NodeJS, Swift and Amazon Web Server management.

Beyond what I hoped to learn, the guest lectures and TA reviews actually taught me lessons beyond my expectations. For instance, now I have a clear idea of how to do a successful pitch in 2 mins, which I applied in the final pitch presentation. Prof and Su Yuen's review of our app also opened my mind on how to create a great user experience. Besides, I really didn't expect that I could talk that much on Steps day haha.

And what could have been done better? Well, marketing skills. Our trial at marketing FitMi at Deck turned out to be a failure. I guess it is because firstly we didn't point out what we wanted them to do (downloading our app and supporting us on Steps) so most of them were like "hmmm okay, so?" after listening to our pitch. And secondly we didn't approach them at the right time with good reasons (like charity). I guess people just don't want to be disturbed by marketing people when they are eating / talking to their friends. A better way might be to set up a booth and sell our T-shirt 😆. Our T-shirt is really a big success (all thanks to You Jing💡).

To summarise, 3216 really opened my mind by showing me what myself and others can do and pointed out what I need to work on. Though it is now the end of the epic semester, I have a feeling that it is a start of a new journey. A final word for myself: GLHF =)

Friday, November 18, 2016

JoJo's Bizarre Adventure

Since Prof introduced great movies and books to us, I would like to share a great comic with you, which is JoJo's Bizarre Adventure, written by Hirohiko Araki.

Similar to Cloud Atlas, JoJo's Bizarre Adventure includes multiple stories across centuries. To summarise, it "tells the story of the Joestar family, a family whose various members discover they are destined to take down supernatural foes using unique powers that they possess. The manga is split up into 8 unique parts, each following the story of one member of the Joestar family, who inevitably has a name that can be abbreviated to the titular "JoJo". The first six parts of the series take place within a single continuity, while parts 7 and 8 take place in an alternate continuity." (Wikipedia).

In the comic, the protagonist can be a well-educated English gentleman, a Japanese high school student, an Italian mafia rookie, or a lady who is framed as a criminal. But regardless of who they are, it is their way of living that makes the stories alive and attractive. Reading the comic, the idea of "I would like to live my life that way" keeps jumping into my mind.

Their attitude towards life can be summarised in two keywords, "gold spirit" and "dark will". The first term describes a positive attitude including kindness to the people around you and the courage to do what is right. The second term refers to the toughness to break through obstacles.

Many of my friends have figured out what they want in life, but I am still not one of them. I only have a rough idea that I would like to be a man who is strong both physically and mentally. Then I guess I will be fine regardless of the environment my fate leads me into. Who knows? As the Unbearable Lightness of Being stated, “There is no means of testing which decision is better, because there is no basis for comparison. We live everything as it comes, without warning, like an actor going on cold. And what can life be worth if the first rehearsal for life is life itself? That is why life is always like a sketch. No, "sketch" is not quite a word, because a sketch is an outline of something, the groundwork for a picture, whereas the sketch that is our life is a sketch for nothing, an outline with no picture.” I guess the uncertainty of my life is what makes it interesting to explore =)

Cloud Atlas

Anyone can tell from the length that Cloud Atlas is a great movie.

It was my first time watching the movie and I have to say the structure of the movie is quite unique. Multiple stories are presented in "random" order and together they form a blueprint of what the author tries to deliver to the readers. I spent the first quarter trying to understand what was going on and what the relationships among the 6 stories were. But bearing with the confusion, each story was very attractive on its own. I was so curious to find out how they proceeded. At the end of the movie I was glad that the sub-stories were finally linked together as a magnificent world of imagination. Prof mentioned that he got many ideas about life from Cloud Atlas, but during my first attempt I struggled with the content so I could not fully understand the meaning underneath the stories. From my point of view, the movie was trying to tell us that, on your way towards your dream, there will always be obstacles and oppression, and sacrifices must be made to do what needs to be done in order to overcome them.

Among all the lines, there is one that really shocked me. "All boundaries are conventions, waiting to be transcended. One may transcend any convention, if only one can first conceive of doing so." It was how I saw the world at around the age of 14. At that time I was thinking, why must there be rules, especially those unreasonable ones, to prevent people from doing what might be more beneficial to the world? I was quite upset about it at that time. But after I grew up a bit I somehow found the rules acceptable, because there are too many people in the world and they all think differently, so without rules the world might become a place of chaos. So I started wondering, what are the rules that are of no value to follow and what are the ones that I need to stick with even though I don't like them? Apparently I do not have the wisdom to tell the difference between these two so far because I am still confused about it. My doubt is actually similar to a philosophical concept in 西游记, Journey to the West, where Zhu Bajie was named Wuneng (悟能) because he needs to learn what can be done and what cannot be done. I guess I still have a long way to go before I can clarify the question.

Back to Cloud Atlas, after some research I realised that there were some differences between the movie and the book. So I would like to read the book during winter vacation and hopefully this time I can focus more on the connotation.


Sunday, November 6, 2016

Rainbow table

Prof Hugh's talk on computer security was very inspiring, especially the part about rainbow tables. I was wondering after class, if rainbow tables seem to be so powerful in cracking password hashes, does it mean that our passwords are not secure at all? Out of curiosity, I researched the defence mechanisms against rainbow tables and here is what I found:

First of all, adding a salt is a very intuitive approach to defend against rainbow tables. A salt is random data that is used as an additional input when hashing a password. The same password hashed with different salts will result in different hash values. But bear in mind that the salt value must be large enough to make rainbow tables ineffective. Otherwise the attacker will still be able to precompute the password hashes for different salt values. I think the underlying principle of this mechanism is quite common in computer security: instead of aiming for perfect secrecy, you create a computationally secure scheme to defend against attackers with a limited amount of resources. This idea works because it is likely that for every single bit increased in the encrypted data, it takes the attacker an exponential amount of resources to break it, so-called 魔高一尺,道高一丈. (Quan Yang mercy please if I am wrong >.<)

Secondly, in addition to adding a salt while hashing the password, we can run the underlying hashing function multiple times to increase the amount of time required for the attacker to build a rainbow table. This is called Key Strengthening. The response time to validate users' input passwords will be affected as well, but since for each user they only need to hash one password multiple times the overhead is negligible.

Another defence mechanism is even more interesting. Based on what we have for key strengthening, if we remove the salt after we hash the password, normal users and attackers will have to brute force the salt results. This will increase the overhead for normal users by a significant amount of time. But I am not very sure how it helps to defend against rainbow table attacks better than key strengthening. It seems that such a defence mechanism has only been published in a paper and hasn't been put into practice yet.
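The three defences above in Python, as an added example that is not code from this blog or from the lecture: a salted, iterated hash (PBKDF2-HMAC-SHA256 from the standard library) compared with an unsalted one, plus a variant where an extra salt byte is discarded after hashing. The three sample passwords, the work factors and the one-byte size of the discarded salt are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; each guess costs this many rounds
SALT_BYTES = 16       # 128-bit salt, far too many values to precompute per salt

def unsalted_hash(password):
    """Weak baseline: one fast SHA-256, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()

# Constructed stand-in for a precomputed table (hash -> password).
PRECOMPUTED = {unsalted_hash(p): p for p in ("123456", "password", "letmein")}

def stretch(password, salt, iterations=ITERATIONS):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_record(password):
    """What the server stores: random salt, work factor, digest."""
    salt = os.urandom(SALT_BYTES)
    return salt, ITERATIONS, stretch(password, salt)

def verify(password, record):
    salt, iterations, expected = record
    return hmac.compare_digest(stretch(password, salt, iterations), expected)

def make_record_discarded_salt(password):
    """Third scheme: one extra random salt byte is mixed in and never stored."""
    salt, hidden = os.urandom(SALT_BYTES), os.urandom(1)
    return salt, stretch(password, salt + hidden, 1_000)

def verify_discarded_salt(password, record):
    """The verifier must try all 256 hidden values, as would anyone guessing."""
    salt, expected = record
    found = False
    for value in range(256):  # no early exit, so timing does not leak the byte
        digest = stretch(password, salt + bytes([value]), 1_000)
        found |= hmac.compare_digest(digest, expected)
    return found

if __name__ == "__main__":
    print("unsalted lookup:", PRECOMPUTED.get(unsalted_hash("password")))
    alice, bob = make_record("password"), make_record("password")
    print("same password, same digest?", alice[2] == bob[2])
    print("verify ok / wrong:", verify("password", alice), verify("hunter2", alice))
    rec = make_record_discarded_salt("password")
    print("discarded-salt verify:", verify_discarded_salt("password", rec))
```

With the discarded byte, one login costs 256 PBKDF2 calls instead of one, and every guess costs the same multiple.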

Computer security is such a challenging and important field in computer science and after what Quan Yang and Prof Hugh had demonstrated in our lectures, it seems to be amazingly interesting as well. I really feel like looking into this area and having some fun myself~