2009年5月31日 星期日

IC Version 1.4 Released

順應某人要求,特此通知:擱置了4個月的 X4 終於出現了。

歡迎投票表達 IC 的去向。

2009年5月27日 星期三

考試題目

88. Which of the following is a good suggestion for managing queues?
A) Discourage customers to come during the slack periods
B) Keep employees serving the customers out of sight
C) Segment customers to minimize waiting
D) Train the customers to be friendly
E) Develop a short-term solution for managing queues


真係睇一次笑一次。

2009年5月12日 星期二

Information Confidentiality

One major issue of information security is confidentiality. Today, information are not only just stored in one place, but also transmitted to different location.

According to Telecommunication Act of the US (1996), telecommunication defined as "the transmission, between or among points specified by the user, of information of the user’s choosing, without change in the form or content of the information as sent and received". Here we will focus on specifying destination points by the user, which allow information holder to send out the information confidentially and only selected recipients are allowed to access this piece of information.

We can see that there are different kind of terminals and user interfaces which allow users easily to specify the recipients of a certain piece of information. For example, you can use your mobile phone dial a number to make a phone call, and you expect that only the person/people who can access the terminal with that phone number will receive the phone call. Another example is that you can use your e-mail user interface to send e-mail to different people, and you expect that only the person/people who can access one of your listed e-mail account in the recipients list will be able to read your e-mail.

There are mainly three reasons that information will become no more confidential, or in other words, the information you sent out can be access by people whom you do not specified as one of the recipients. The first reason is the information was captured or sniffed during the transmission process, maybe due to the vulnerability of network medium. For example, in a computer network which use traditional network hub for data transmission, people can sniff the information sent out from any node of this network if he can access one of the node of this network, because of the fact that information will broadcast to every node by using old hub. Although the setting of computers will filter out information which do not belong to the certain computer during the broadcasting, this setting can be changed and yields a vulnerability.

The second reason is other people gain or steal one of your recipients' authority of access the information, or simply say, someone break in one of your recipients' account. It may cause by weak authorization process, or your recipients have weak security conscious like setting a weak password or sharing personal account with others. For example, I registered in a forum to discuss about riddle game made by someone. And for convenience (or lazy), I just use my login name as password. Then I start discuss with some other people by using private message. However, some smart guys break in to my account and read the discussion and answers of the game, which is not supposed to be happened. Hence, the strength of information confidentiality depends on the weakest access node (including the original owner, not just other recipients).

The third reason looks even more ridiculous then the second one, but it always happen, that is the owner specify the wrong people, or specify other unrelated people unconsciously. This thing will happen because you misuse the user interface, or you try to transmit the information in hurry. Recently I received an e-mail called "Re: X Course Peer Evaluation Form", which I am not supposed to receive. When I check out the CC list, it included all students who take this course. Probably the instructor send out the e-mail called "X Course Peer Evaluation Form", and then that person use "Reply All" to reply and submit his form, which comes out a catastrophe.

To prevent confidential information being captured by others, I suggest that to prevent using unprotected transmission medium, like WiFi hot spots without certifications. Also, do not use simple passwords or share personal account to others, which give out a chance that your account will have unauthorized access. And also tell this fact to your potential recipients, which also affect the strength of confidentiality. Last but not least, check the recipients information twice before you send out the information, then we would not have too many situations like: "Oh sorry, I made a wrong call."

謬論:分數與睡眠時間成正比

分數是否與睡眠時間成正比?
一日睡十多個小時,會不會較高分?


其實這裡討論的「睡眠時間」是上課時的睡眠時間。 =_=

根據以往經驗:
某歷史課:上兩個鐘,訓個半鐘。播播下電影都可以訓。 --> Result: A
某統計課:上個半鐘,訓半個鐘。條友狂搞爛 gag 都繼續訓。 --> Result: A-
某會計課:九點堂,但冇訓過。 --> Result: B



最近上 I____61 睡眠時間上升。看來 A+ 指日可待。