Week 10: Looking through the archives

--Originally published at Ce qui est chouette

This week I’ll be setting up the interface to interact with our sounds. I’ll create an object containing all our sound effects; for that I’ll have to dig deep on royalty-free sound sites.

Current Archives by Carmichael Library on Flickr under a CC License.

I’ll just be adding sounds and looking at where to put them in the game code.

– A musically-aware guy

Tokens: the ‘I’m old enough to drink’ of web-based teens

--Originally published at Ce qui est chouette

In this post I’ll be dealing with the topic of Authentication and Authorization, and at the end of this post I’ll provide some examples and summarize some of the currently used solutions.

The difference

First, let’s deal with what both of these concepts refer to and what the difference between them is.

Authentication means verifying who someone is. This is what sign up and log in are for: the first one defines who you are, while the latter is where the authentication lies, in checking your user-id and password to match you with someone in the system. Authentication answers the claim “this is who I am” with a “yep, that’s who you are.”

Bouncers by Fabio Venni on Flickr under a CC License.

Authorization means verifying that someone has permission to perform an action. This refers to a certain user having or gaining access to a resource; this is usually done through the use of different types of user, e.g. Administrator, Anonymous User, etc. Authorization answers “hey, can I do this?” with “yep, you can” or, if it were an English teacher, “can you?”, to which you would simply groan in disgust at this attempt at comedy.

Tokens

One common way to handle both these processes is through the use of tokens. A token is a series of characters, usually encoded, that represent both to whom the token belongs—to which account it is linked—and what type of access this token has.

An implementation of tokens that I’ve used is JWT (JSON Web Token). JWT consists of three parts: header, payload, and signature. The first two are base64 encoded and separated by a dot (.); the signature is a bit different, and consists of the following:

EncryptionAlgorithm(base64( HEADER ) + "." + base64( PAYLOAD ), SECRET)

The signature part of a JWT consists of taking the concatenation of the previous parts, both base64 encoded and separated by a dot, and encrypting and signing it with a SECRET key. As you may have guessed, JWT isn’t supposed to protect your payload from eavesdroppers; what it does is prove that a JWT was emitted by an entity within the system, because of that SECRET key that’s used to sign the signature part of the JWT. Because JWT still exposes user data, it is advised not to include anything confidential inside them. What you may include in a JWT is:

  • Who this token represents—subject claim, user.
  • Who issued this JWT—issuer claim, client application.
  • Who this JWT is meant for—audience claim, the server that’s meant to read it.
  • Up to when the token is valid—expires claim, the Unix Epoch up to which the JWT is valid, or, only if issued at is also provided, the time, in seconds, during which it is valid.
  • When this token was issued—issued at claim, the Unix Epoch.
  • Custom claims that don’t compromise confidential information, like level of access this token has.
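As an added example (not code from the original post), the token structure and claims above can be built and checked with Python’s standard library alone. It assumes HMAC-SHA256 (the `HS256` algorithm) as the signing function and the URL-safe, unpadded base64 variant that JWT uses; the function names, claim values and secret are constructed for illustration. It goes one step past the text by showing the checks a verifier should make: pinned algorithm, signature, audience and expiry.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    # URL-safe base64 with the '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, secret: bytes) -> str:
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256)
    return b64url(mac.digest())

def issue(claims: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)   # base64(HEADER) + "." + base64(PAYLOAD)
    return signing_input + "." + _sign(signing_input, secret)

def peek(token: str) -> dict:
    # Anyone holding the token can read the payload; no secret is needed.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify(token: str, secret: bytes, audience: str, now: int) -> dict:
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm; ignore the token's wish
        raise ValueError("unexpected algorithm")
    expected = _sign(head_b64 + "." + body_b64, secret)
    if not hmac.compare_digest(expected.encode(), sig_b64.encode()):
        raise ValueError("bad signature")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample key and claims
    token = issue({"sub": "user-42", "iss": "game-client", "aud": "game-api",
                   "iat": 1700000000, "exp": 1700003600, "access": "player"}, secret)
    print(peek(token), verify(token, secret, "game-api", now=1700000100))
```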

JWTs should be used when a secure connection can be established, so as to not expose this data to the public, just in case. As to where to store them, I’ll link an article that explores that topic, as it’s another beast on its own: Where to Store your JWTs – Cookies vs HTML5 Web Storage.

– I swear it’s me.

References
Jones, M., Bradley, J., Sakimura, N. (December 9th, 2014). JSON Web Token (JWT). On RFC. Retrieved from https://tools.ietf.org/html/rfc7519#section-4.1
Abbot, T. (January 8th, 2016). Where to Store your JWTs – Cookies vs HTML5 Web Storage. On Stormpath. Retrieved from https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage

On Certifications

--Originally published at Ce qui est chouette

Do I really have to take an exam? But I already know this, can’t you just ask me some questions to test me? These are some of the questions one may be thinking when the topic of IT Certifications comes up. In this post I’ll try to put forth both sides of the argument regarding this topic; I’ll link some resources at the end so you can read more about the topic.

Exams by Leonora Giovanazzi on Flickr under a CC License.

We don’t need certifications

Certifications have been shown to work well in industries like engineering, where one can specialize and get certified for various aspects of civil engineering, while another might go for the electrical engineering route. Both can go their merry way getting certified on bridge-building or electrical systems—I think at this point, it’s evident that my sources of information about these careers are limited to college brochures—because no one would expect an electrical engineer to build a bridge, and he might not be that excited about it, either. But in the software industries, areas do get intertwined, so perhaps certifications aren’t meant for us.

Experience in multiple areas is a plus: it’s an asset that can come in handy in attacking a problem from several angles. For industries like engineering, most things are set in stone, but software is in constant evolution, and a certification you might get today may be obsolete come next year; at that rate, is it really worth the time and money required? Some may argue that a certification just means you’re good at passing tests—sidenote: that’s an issue I personally have with the way some companies handle job interviews.

On the other hand. . .

Some employers do look at certifications as a measure of quality and commitment to the area. Certifications serve the purpose of preventing the self-proclaimed expert from ruining your system. As stated in my previous post—about Ethical Hacking—certifications establish and keep track of minimum standards for specialists, and recognize the individual as credentialed for whatever the topic of the certification may be.

If you’re willing to go through and get certified, here are some of the most requested for IT Security professionals:

  1. CISSP: Certified Information Systems Security Professional
  2. CISM: Certified Information Security Manager
  3. CompTIA Security+
  4. CEH: Certified Ethical Hacker
  5. GSEC: SANS GIAC Security Essentials

To read more on the topic, head over to references.

– Laters, alligat(e)rs.

References
Bolton, D. (July 9th, 2015). 5 Reasons Certifications Aren’t Worth It. On Dice. Retrieved from https://insights.dice.com/2015/07/09/5-reasons-certifications-arent-worth/
Tillman, G. (June 8th, 2010). Why IT certification is a really, really bad idea. On Computer World. Retrieved from https://www.computerworld.com/article/2518765/it-management/why-it-certification-is-a-really–really-bad-idea.html
Tittel, E., Lindros, K. (December 12th, 2017). Best Information Security Certifications 2018. On Tom’s IT Pro. Retrieved from http://www.tomsitpro.com/articles/information-security-certifications,2-205.html

 

Week 9 (1): p5.Sound

--Originally published at Ce qui est chouette

In order to play sounds client-side I researched what libraries could be used to do that without adding that much processing to the browser. And so I came onto p5.Sound, another p5 library, yep. Is there anything that isn’t done by these guys?

Sound Desk by Roo Reynolds on Flickr under a CC License.

What does p5.Sound do?

p5.Sound allows the browser to preload SoundFiles and then call them to be played wherever in the scope that the sound was stored. Since we’re using p5.SceneManager, these sound files will be preloaded as the first scene loads, so that whenever they’re called in the code, the SoundFile is ready to play. For background music I’ll be looping a song using a SoundLoop.

Next week will be dedicated to this coding and sound-searching.

– A musical dude.

Week 8 (1): Decisions decisions

--Originally published at Ce qui est chouette

This past week we worked on generating more ideas and features for the project, oh the struggle of not having a client. And so we’re going to add sound and more types of enemies, and try to convince Gerardo, our PM, that sprites will simply ruin the experience. Maybe we can’t win every battle, but we’ll surely come out of this victorious.

Onwards by Juan Castillo on Flickr under a CC License.

– Primo Victoria

Week 8: it’s almost the end.

--Originally published at Ce qui est chouette

This week we’ll be refining the delivery for this Friday’s sprint demo. That is, finding bugs and making sure everything works. Because we’re almost all done we’ll have a week-long sprint planning, to see what we can add to the final product that could be finished by the end of the semester.

End by Patrick Crowley on Flickr under a CC License.

– An almost . . . guy (?). No I’m a complete guy. So, a guy.

Week 7 (1): Refactored

--Originally published at Ce qui est chouette

This week’s work is done. It wasn’t that much. In reality, it wasn’t any, I just fixed a small bug with the time in that it went to negative numbers if one were to kill that many enemies—we didn’t intend that, so I set a hard limit at 0 seconds.

Relax by Hamza Butt on Flickr under a CC License.

Apart from that one thing, I refactored the code, removing unused lines of code and in some cases whole methods. This week was a vacation of some sorts for the It’s not raining development team, but we’re ready to implement some more interesting stuff, like adding sounds and possibly a level creator.

– Someone with a one week vacation ahead.

Week 7: Issue Shortage

--Originally published at Ce qui est chouette

We’re running out of things to do, and we have to do some thinking on what can be added at this point. This week I’ve just received what I’ll be doing. I’m doing refactoring, checking what is not being used and removing it, adding comments to further explain anything that’s needed, and the like.

Escasez by Oscar F. Hevia on Flickr under a CC License.

– Give me work.