Review week #9

--Originally published at How to HACK or not

After finishing what we had pending about the mockups and the presentation of our progress, we continued with the planning of what we are going to use for our app and also how we could do it. So, some ideas the team had were: continuing with the idea of developing our application for an iOS environment, where we are implementing it natively. Along with that, we are working on the integration of Google Maps and, with it, geolocation.

We had a good start to the week by planning these, but unfortunately we couldn't go to the meeting with Ken for feedback.

Review Week 6 – Finishing mockups

--Originally published at How to HACK or not

The plan for this week was to see what we needed to finish: the UI mockups and some other requirements. For that reason we went to talk with Ken about our progress, principally the part where we tell our users about the use of their “personal information” in our app. We showed him our privacy message and he made some recommendations for a friendlier way to ask for this, which we are changing.

Another one was to try to make modifications to the way we show the GPS location of our users.


These are some of the things we have to correct before continuing with testing the application; we will keep looking at what else we need to improve before having a first beta version.

I’m not living in a smart city

--Originally published at How to HACK or not

Last week we didn’t have class because of our beautiful and not-well-followed constitution, so we didn’t discuss any topic in class, BUT I did go to work, school, meetings, parties and towns, so I will talk about that: how the city I’m living in is not as smart as a “Mexican Silicon Valley” should be.

The first thing is the lack of bridges, or bridges in places that don’t make sense. I am talking about pedestrian bridges. I work in an office located on a very crowded avenue, so it’s almost impossible to cross from one side to the other unless you walk 500 m and try to cross at the crosswalk, which turns green every 5 minutes for 5 seconds, so you may end up in the middle of the avenue. Why don’t you get off your bus closer to your job, you may ask; let me answer: I am lazy. Obviously I’m taking the bus that leaves me closest to my job, which is on the other side of the avenue. Well, there’s another that may leave me at least on the same side as my job, BUT if I want to take that bus I have to take another one to reach the stop for it, and I am not that smart at taking buses.

Another thing that makes me believe my city isn’t smart is how they try to be smart but are too lazy to do it. The other day I went to Walmart and they had made a big area for picking up what you buy online, with a special zone, different colors, etc. But it wasn’t working; they had the place closed off with yellow tape like a crime scene. And the reason I get mad about this is because when


Personal experience in Smart Cities

--Originally published at How to HACK or not

Hello there. This is my introduction to a new category, also for my Smart Cities class, but in this one I will be talking in the singular, just about me and how I feel about it, my experience with the class, pues. (Ending an explanation with “pues” is a norteño habit.)

Anyway, this course began 2 classes ago, and what can I say about it. First I have to say that in my whole career I have never been in a class with the majority of my friends; it is awesome to share the class with them and, furthermore, to be 1 team (which later became 2 because it was too big 🙄). Second: the professor. Well, it’s Ken, everyone loves Ken; he was the first professor I took a software-related class with (fundamentals of programming).

In the first class he asked what we believed the course was about, and no, it is not about smart cities, it is about how to build a smart city. That’s all. The second class was about planning our project, which is in our team blog posts The beginning and Weekly Plan #1 Smart Cities. Go and check them out. Peace.

Cryptography pt. 2: STATS

--Originally published at How to HACK or not

I will now begin a series of three final posts. Each one will have as its topic one of the topics of the course we have seen, but with a different approach: I will talk about the topic but try to apply it to our project, and by which means that could be done.

Starting with cryptography. We will need to use cryptography in our project, and I talked about it in that post, because we are managing a lot of important information. Usernames and passwords are going to be stored in the database, as well as the results we will get from using the game. All these things are better not seen from the outside, so they must be difficult to read and impossible to understand.

One of the alternatives we thought of at the beginning was to use the methods that the tool we used could have. When we started using PHP (which we don’t do now) we were planning to implement one of the functions that could make a big hash of the text we were planning to store. It could work because it used the md5 algorithm, but one of the problems we could have had was that the key to decrypt the text had to be saved in the PHP script, which could make it vulnerable in the end.

We’ve also seen that the MySQL system we are using also implements some methods in the insert commands. MySQL has some interesting functions that work with the AES scheme (Advanced Encryption Standard). This can also sound good, but we still have the same key problem. That’s why we thought of making a customized key for each user. Constructing a key using some characters from their first and last name resulted in a different key for each person, thus making it

Code of Ethics

--Originally published at Computer Security

Every day millions of applications are used by a lot of people around the world, but how much do we know about the usability of the app, the terms and conditions, the privacy policy and the use of our personal data? How sure are we that some application is not tracking our activities or collecting our data for its own benefit, like selling our data?

There exists a code of ethics for software engineers. This code of ethics has principles that talk about the usability of the app, the relationship with clients, and the use and protection of users’ personal data. Every company or freelance programmer that designs an application or system has the responsibility to follow the code of ethics, to guarantee that the system is developed in the most ethical way possible without harming society.

One point that caught my attention and seems interesting to me is the one about the protection of personal data. Since some applications deal with sensitive data, the programmer must always encrypt it to ensure security, hence letting the user know that their information is secure and protected, which builds confidence. There exist a lot of established encryption methods; it is not good practice to write our own. The smaller the company, the lower the chance of being attacked by non-ethical programmers, but because the company is small there is the possibility that its security protocols are weak, because it doesn’t invest a lot of money in security. If we’re using a web application, we always have to ensure that it uses an encrypted connection (HTTPS).

All apps must have an established privacy policy and terms and conditions, and must let the user know when these documents are modified. (Even if nobody reads


Incognito Mode – “HA”

--Originally published at Security

Yes: the fact that we browse in incognito mode, delete cookies and history, or even use extensions like AdBlocker or PrivateBadger does not exempt us from the fact that when we visit a page or click a link our footprint stays there forever, and this is something to really consider. One day my classmate Gerardo Velasco told me something like: if you don’t want something to be known and remain forever, first, don’t do it or say it, and second, don’t upload it to the internet. Which is excellent advice that I keep in mind very often in my life.

We know this is not a comment that any “ordinary” person would make; he knows it because he is aware of and understands the risks. What is alarming is that most people don’t, and blindly trust in using the internet. That is why I believe that we as developers, who know the risks, have the responsibility to build secure systems. Because of the above, we decided to maintain confidentiality in our application, so that the user feels safe, that their privacy is respected and that their information will only be used for their benefit. With this in mind we decided to use the minimum personal information about the children, and what we store is encoded, all for the user’s peace of mind.

Always remember that when you upload or view something on the internet, there is the risk that more people see it than you want; think twice about which sites you visit and which aspects of your private life you share.

Integrity in our data.

--Originally published at Security

First of all, what does it mean to have integrity in our data? It means that the consistency of the data is maintained throughout its whole life cycle (Creation-Processing-Analysis-Preservation-Access-Reuse). This is very important for several reasons, from the business point of view for companies that sell data, and for the good image a company gives by handling data correctly.

The way we defined our ER Diagram is very simple: as attributes we only have the data about the children that interests us and can be useful, not all of it. We use their list number as the key value to relate the tables, since our database is relational. The data handling we do is quite simple: we save information when the child is registered, and the information that is added or updated afterwards is the hits, misses and time in each level. The data analysis we proposed is the only moment when the data is manipulated, and that data is only what is generated through the app, not the child’s personal data.

As I mentioned earlier, our decision to host our database server on AWS was made with the idea of having the backing and quality of a company as large as Amazon.

Impossible security.

--Originally published at Security

Having complete security in a system is practically impossible; it would be like standing out in every aspect, or being incredibly good at everything you do, and I am sure, reader, that you, like me, are not.

And that doesn’t mean it’s wrong. Just as with ourselves, where we have to be aware of our weaknesses in order to strengthen them, the same goes for a system, since, as we saw in class, a system is only as secure as its least secure part. That being so, the most important thing is to see which aspects of the system need protecting, and to focus the most attention and work on securing that area.

We are working with children’s personal data; because of this, and with the above in mind, we decided to take certain measures and the following actions.

  1. We updated Phaser (2.9.2); we had been working with a version of Phaser (2.4.4) that had been released almost two years earlier. This was in order to have better support and the most current services, because, as we saw in class, it is never good to rely on the previous version of some software.
  2. We decided to have a well-known company backing us, AWS. This is very useful since, in the case of a data leak, we would have their support in addition to the security they provide.
  3. We use Passport.js for user authentication and bcrypt for encoding data in the (SQL) database.
  4. Having security certificates and the HTTPS protocol.

These were the main measures we took, since storing information about minors is not something to be taken lightly, even less so if this grows and is implemented in more than one school.


Three golden rules

--Originally published at How to HACK

During this course we have learned a lot about security. Our task this semester is to create a solution to help children in elementary school learn mathematics, and of course we have to take care of its security.

There are a lot of rules that can help us secure a system. I found one that made me laugh a lot: the post says the three golden rules for not having security issues are: do not own a computer, do not turn it on and do not use it. Of course that’s not useful for us.

So we need to set other rules, and these are the ones I found:

  1. Review the code repeatedly and test security often. This means prioritizing, and knowing the strengths and weaknesses.
  2. Continuous development. The world changes every day and security must as well.
  3. Managers must take responsibility. I think security is a task that both developers and managers should be responsible for, but yes, all the responsibility will lie with the manager, so the manager should be more worried about it.

Security measures must be taken for our project, because it will work with people’s information. The rules listed above must be applied to it: testing it many times to ensure the methods are correctly implemented, offering maintenance services, and assuming responsibility as long as it is used correctly.