It’s easy to get caught up in interviews, assignments, projects, midterms, and late nights playing board games. Don’t forget to sleep! As much as your friends may brag about getting through the week on three hours of sleep, you’ll be much more productive if your manage your energy and get enough sleep through the week.
You will find many opportunities to make decisions in your life. You might be choosing between sleeping or studying for another three hours, between a co-op opportunity in the San Francisco Bay Area or a co-op opportunity in Kitchener, or between pasta or breaded fish at the cafeteria.
So why are you wasting your time doing things you don’t like and that won’t take you a step closer to reaching your goals? When you put down this paper, go do something that will make your life better.
If you are (un)fortunate enough to be in a program with a cohort, think very carefully before dating someone in your class. There are so many ways it could end horribly. I’ll let your imagination run wild here.
If you were one of the people who enjoyed volunteering in high school, don’t just give up on it now that you’re here! Even if you’re not in Engineering, WE-Connect, part of Waterloo Engineering Outreach, is involved with many events where you can get involved. Every year, volunteers are needed for the FIRST Lego League and the FIRST Robotics Regional Competition on campus. Become an Orientation leader. Start a business on campus. Run for student government. Get involved!
Whenever you go on Facebook, Twitter, or OMGUW, remember that you’re representing the university - whether you like it or not. We’ll have to see whether we’re going to clamp down and not put anything on the Internet, or whether we’re going to accept that people do stupid things and that it’s funny. Until then, think before you post.
]]>I wonder when 4 GB+ virtual machine images became the norm in CS classes at this institution, but it’s clear that the network infrastructure outside of campus is clearly not ready to handle dozens of students downloading such large files all at once.
zsync is a tool that uses the rsync algorithm to download a file from a server, but with pre-computed metadata to help the algorithm scale well (and run over regular web servers). This allows users to resume incomplete downloads and verify your file is complete in one step. Packages may be available for your Linux distribution of choice. As of the time of writing, it’s available on homebrew (Mac) and Cygwin (Windows) as well. Sources can also be downloaded from http://zsync.moria.org.uk/downloads.
I first ran into zsync when I was downloading a Ubuntu release, and I’ve started using it over jigdo.
For TAs and support staff, making content available by zsync is straightforward. Simply run:
zsyncmake -C -e -u <url> <file>
For example, for the CS 136 VM, one could run:
zsyncmake -C -e -u http://www.student.cs.uwaterloo.ca/~cs136/VirtualMachine/CS136.ova ~cs136/public_html/VirtualMachine/CS136.ova
This creates a <file>.zsync file containing metadata and checksums which the zsync client can use. Simply make this file available in public_html (perhaps in the same folder as the Open Virtualization Archive (OVA) itself).
For students, once zsync is installed, downloading a file is as simple as
zsync <url>
Where <url> is the URL of the .zsync metadata file. The man page contains details on other flags, which may be useful if you are resuming an incomplete download or trying to sync from a file with a different name and similar contents (e.g. a previous version of a virtual machine).
]]>Last week, nearly two dozen students represented Waterloo at the Canadian Undergraduate Software Engineering Conference (CUSEC) in Montreal, Quebec. In between shivering through the Montreal Winter, discovering the RESO (underground city), and trying to help egg-cat with their homework assignments, we absorbed knowledge from the following speakers:
Alexis Ohanian, founder of Reddit, spoke about progress made against SOPA/PIPA; how it is the World’s Internet, not America’s Internet; how the fight isn’t nearly over yet.
Jeremy Ashkenas, creator of CoffeeScript, argued the case for code as an art form, rather than just a process to be engineered.
Greg Kroah-Hartman, Linux kernel developer, talked about how big the kernel is, how much it changes every day, and how to get involved contributing patches as a kernel newbie.
Bret Victor, known for designing experimental UI concepts at Apple, discussed how current code-compile-debug cycles require the programmer to execute code in one’s head, and that the latency of interaction for developers makes it difficult to discover novel things about code. He also demoed a real-time JavaScript IDE concept that updated a canvas in real time, allowed variables’ values to be tweaked by dragging sliders, and displayed the trajectory of a player across time. He then spoke about having a guiding principle, gave examples of historical figures with guiding principles, and then discussed the pros and cons of living by your own guiding principle – to a standing ovation.
Manveer Heir, Senior Designer at BioWare, warned everyone sternly to stay as far away from the game industry as possible – before telling those who remained how to get in, and what it’s like in the industry.
In between speakers, we ran around handing out resumes and making pleasant conversation, rode up and down the hotel elevators, and talked in our sleep. We played chess amongst ourselves at games night, taught the first-years how to tip at a pub, and made it back to Waterloo.
Now for a week of catching up on assignments and studying for quizzes.
Maybe we’ll actually get a chance to pay back some of our sleep debt. Next week.
]]>When I was in first year, I went without a laptop.
Why?
Laptops are heavy, expensive, or both. Their bright, ever-flashing screens potentially distract dozens of one’s peers when used in lecture halls. You’re always hunting for the next electrical outlet, so that you’re not locked out of your own data by a dead battery. They depreciate in value really quickly.
They told me that it was possible to complete all my assignments without a laptop. We had labs on campus, after all. Granted, campus was really far from Ron Eydt Village for those long, cold, February nights, but at least they were there. At least one was open, no matter what hour of day or night. If there was ever a night where I had trouble sleeping, I could procrastinate on Facebook for an hour or two before diving into nano (– I hadn’t yet bothered to try out vim or emacs –), finishing off my assignment, and uploading my code to Marmoset.
This term, I realized something was different. The Piazza group for CS 136 contained this question:
Linux Labs
Just wondering where exactly the Linux labs are? http://www.cs.uwaterloo.ca/cscf/teaching/labs Lists the Linux labs as CS488 students only - any ideas?
And, in one of the follow-up responses:
So I can login in MC3006, but I’m not logging into a Ubuntu system. I have gedit, but not RunC. What am I screwing up here?
It occurs to me that there no longer appears to be a documented 24/7 X11/RDP lab for general use by CS students.
Not that there aren’t options. There are certainly alternatives – one could use the RDP clients maintained by MFCF to access their Solaris and Windows machines, and then use SSH (and probably X-forwarding) to access the undergraduate CS environment. One could likewise use SSH/X-forwarding/Portable Xming on the Nexus machines maintained by other faculties, like Engineering or AHS. Or one could figure out how to get X-forwarding to work in one of the Mac labs – though that tends to be more hit-and-miss than I’d like.
One could also skip lectures to do the assignments during the few precious hours when the labs actually are open, Monday to Friday, 0800 to 2100. Gosh, my bank has better hours than that. It’s open on Saturday, for example.
As for me; I’ve been borrowing my friend’s old laptops for almost eight months now. I hate this feeling of being constantly chained to the edges of the room where laptop outlets exist. I miss all times I met and absorbed knowledge from upper-years at two in the morning. I feel less like a ninja and more like a zombie. I’m also constantly afraid that I’ll submit an assignment that works just fine when run over SSH X-forwarding, and yet mysteriously breaks when run on ye olde thin client. Perhaps I’m being paranoid. I do wonder, though, whether I’d survive, if I was a first-year today.
]]>WARNING: Two-Factor Authentication isn’t for everybody. Just as it helps keep bad people out of your account(s), it can be just as easily used to lock yourself out of your own account(s). You lose access to your account if your phone is stolen or wiped, your phone’s battery dies, if the time on your phone is inaccurate, or if you accidentally delete your key from your phone.Make sure you know what you’re doing and evaluate the risks and benefits before you consider enabling Google Authenticator, or any other form of two-factor authentication.
Today, many of us store lots of data in the cloud. Many of us archive years’ worth of email in GMail, store hundreds (thousands?) on Facebook, and host our websites on self-managed Virtual Private Servers. (Okay, maybe not all of us do that last one, but enough of my classmates do that I think it’s worth thinking about.) And it’s not uncommon for all of this data to be protected by mere six to eight character alphanumeric passwords. While most of you are too smart to use a password that can be found in a dictionary, I wonder: How many of you use the same password across multiple sites on the Internet? How many of you store your WatIAM password in plaintext on your hard drive? Could you bear to lose all those precious emails to the actions of a malicious stranger? Could you bear to have one of your peers reject your dream co-op job on your behalf after swiping your password after “borrowing” your laptop? While Google Authenticator won’t help with your JobMine woes, it can help you protect your email account from being compromised – because an attacker would need both your password and your phone in order to access your account remotely.
Google Authenticator is comprised of two parts - software that runs on your smartphone to generate time-based one-time passwords (TOTPs), and software on the server side which should be capable of verifying those one-time passwords. The smartphone software is available for iOS (3.1.3+), Android (1.5+), and BlackBerry (4.5-6.0) devices. Enabling Google Authenticator is outside of the scope of this article, but if you perform a search with your favourite search engine, you’ll likely find instructions on how to use it.
I’ve spent the past two weeks using Google Authenticator. It hasn’t particularly been a walk in the park, but it’s quite functional.
Initially setting up the application-specific password for my phone to use to sync with GMail took a bit of fiddling. I’ve had to be especially careful about making sure my phone’s battery never dies (and making sure I always have my spare battery fully charged). Pulling my phone out and unlocking it in the middle of what used to be a five second email check is a bit cumbersome. After a while, though, the extra password step becomes routine when I’m using Google services on an untrusted (e.g. work) computer. I’ve also had to forego my usual experimenting with new Android ROMs because I need my phone to be stable if I want to be able to access… well, everything. Little inconveniences… but that’s all security really is, these days.
That said, there’s been some pretty nifty stuff too. The other day I also discovered that LastPass supports Google Authenticator as a second factor. Granted, it’s a bit awkward to use LastPass with Google services (enter a password and a TOTP to access software that fills in a username and password so I can be asked for another TOTP… :/) so I’ve gone back to using a memorable password for Google, but I’ve now started using LastPass handle some of the other passwords in my life. As well, a few hours ago, I managed to get the Google Authenticator PAM to work on one of my servers. Granted, dealing with time skew was an issue (the server takes the time from the Dom0, which isn’t particularly in sync with internet time…) but apart from some hacks (answering yes an extra time during configuration) to deal with that, it works rather nicely.
To be honest, though, I’m not sure how much longer I’ll keep using Google Authenticator. On the one hand, once I got past the initial set-up, things worked really well. On the other hand, I still have to deal with using the same password to access unofficial student records, enroll in classes, rank job offers, and check homework assignments online. Half of the banks I use still demand that online banking use an alphanumeric password that is exactly six, seven, or eight characters long. It seems somewhat silly by comparison to protect years-old email exchanges with two-factor auth when some supreme entity or other has declared such short alphanumeric passwords as sufficient for almost everything else in my life.
I do think it’d be absurd to try and force everyone to use two-factor auth. It depends on what trade-offs each user is willing to make. As it is, I’m forced to use a “stronger” password to log on to a computer in a CS lab (which easily happens every day) and a weaker password to enroll in classes (which happens maybe once a term) and a weaker password yet to tell my bank to pay my tuition for the term. Why? It should clearly be the other way around.
Still, for the paranoid among us… Google Authenticator is there. The source is available… or you can just use it. Or not. The decision is yours to make.
]]>