Internet Safety: do NOT use an online resume generator

There may be some innocent online resume generators out there, but tread carefully. I recently had a look at resume.io for an acquaintance, and there is a security issue to address. Do NOT use resume.io, and if you have used it, please consider one remedial step (below).

cute kids fence curiosity

Personal Info

resume.io wants you to do the following:

  • create an account
  • provide a photograph
  • provide your birthdate

Those last two items should raise a red flag because in the U.S., at least, no resume should contain your photograph or birthdate. This is common knowledge, I think, and if you know it, you can skip the rest of this paragraph. If you don’t know it, let me assure you by saying that I have served multiple times on hiring committees and also performed the entire hiring process from start to finish while employed at an SMB. No one has ever included these data on a resume that I have received. I have been to multiple resume-building workshops in the last 20 years, and no one has ever suggested that these be included; in fact, some presenters have indicated that you must not include them. It is inappropriate to bias the employer, positively or negatively, based on your appearance or age.

So why would resume.io ask you to put these data on your resume? Because to generate the PDF of your resume, you submit these data to their server, and then they can do what they want with them, including selling them.

Dangers

Let’s look at the dangers of each of the items mentioned above, starting with account creation. This might not be a problem for you, but many people re-use passwords when signing up for services, so the owner of any site where you have created an account can run a bot that tries to login automatically to many high-value web sites using the password (and email) that you just provided. Most sites are not malicious, but a site that also unnecessarily asks for personal information such as a birthdate and photo is suspicious. Whatever the case, take this security lesson to heart: do not re-use passwords; each website gets its own unique password.

The security problems become compounded when we add your birthdate to the situtation: a birthdate is used by some institutions to confirm your identity. A pharmacy, for example, will often require you to give your birthday, so a hypothetical attacker might reach out to your pharmacy and ask for the status of your prescriptions because knowing what drugs a person is taking may be of use for malicious acts, such as blackmail in cases where a parent or spouse is unaware of a prescription you are on. That example may seem far afield of your own scenario, but be aware that the information you provide today may not come back to cause harm until many years into the future. It is easy for malicious actors to hold onto data for a long time, during which time your data may be sold to any number of other actors.

How about a photograph? It’s unlikely that someone will use it identify you in real life and then build a relationship of trust which can be exploited, but that doesn’t mean it is safe to share. Photographs can and have been used to create false social media accounts. I have heard one example of such a false account being insinuated into a person’s actual circle of acquaintances. Even if such an account does not harm you directly, it may be used to harm others, and it appears that the blame points back to you because all of the identifying details are accurate (name, birthdate, location, or whatever can be inferred from the resume you built).

resume.io also asks you to provide an address, which is another thing that does not belong on a resume. The website owner may have no personal use for this information, but malicious actors who purchase personal data for your city in bulk may now know what you look like, where you live, your birthdate, and your name.

Remedy

There is only one remedial step: if the password you used to create your account is one that you have used for other accounts, visit those other accounts and change their passwords.

There is no way to undo the act of sharing information, but you can learn a lesson from this experience:

  1. Don’t re-use passwords. Each online account gets its own unique password.
  2. It can become impossible to manage so many passwords. You may want to use an online or offline password manager. I do. If shopping for a password manager, consider the trust that you place in the provider. It does no good to use a product that may deliver your passwords in plaintext (not ciphertext) to the vendor.
  3. Don’t supply a birthdate, photos, or other personally identifying information online unless the recipient has a good reason to receive that information. Does a resume-building site need to know your birthdate?
  4. Whenever possible, supply a fake birthdate. (It’s okay if your facebook friends send birthday wishes on the wrong date just because facebook now thinks you were born in the spring instead of the fall. Say “thanks” regardless.) Even if you are prepared to supply a fake birthdate, think twice about proceeding with any website that asks you for a birthdate.

As a final piece of advice, do not use an online resume generator. Use a word processor, and export your resume as a PDF from the word processor itself.

Posted in Uncategorized | Leave a comment

Fullmetal Alchemist (GBA) Review: Can You Play This?

 

IMG_1304-0.JPGTL;DR: the Bottom Line

This game feels more like watching an anime than playing a game. (+) True to the source material. (-) Tedious gameplay.

Can You Play This?

The dialogue is the best aspect to the game, and it’s only in Japanese, so I can’t recommend this to Anglophones. Even if you loved only the combat, alchemy, graphics, you’d be dependent on dialogue to tell you which city or which quarter to visit next.

Overview

Reading dialogue quite honestly makes up most of the game. Outside of that the game is walking to where you are told to go, random encounters, and scripted battles.

Characters and Story

The characters are true to their manga and anime (at least Brotherhood; I’ve not watched the other) personas. (We see a bit more immaturity from Mustang than we tend to see in the canonical works, excepting the comical end matter one finds in the manga.)

You can play as Edward, Alphonse, Mustang, Hawkeye, and Armstrong. You can also play as original characters Connie and Martins. NPC’s from the source material include Hughs, Havoc, Gluttony, and Lust.

The story is not bad, I think at least on par with The Sacred Star of Milos. (The latter was in fact not very satisfying, but I find a game of even dull gameplay makes an otherwise mediocre story improved.) Story and the character portrayals are the only good reasons to play this game.

I question whether two points in the game violate cannon. (1) An NPC alchemist manages to make seemingly autonomous and intelligent replicas of humans. (2) Mustang and Hawkeye meet Lust and Gluttony before they would have in the source material.

IMG_1242-0.JPG

Gameplay

A great mechanic is the two-timer system, something perhaps not seen in earlier RPG’s: in combat, each character’s time bar fills in accordance with that character’s speed stat, and when the time bar is full, the player can select an action for that character. What’s unusual is that after selecting an action, the time bar turns green and needs to become full again before the chose action is performed. Some actions are “slower” than others, so if you want to throw a punch, you might do so immediately, but if a character wants to perform a costly transmutation (or if a character is simply less skilled at transmutation) then the green time bar may take a long time to fill.

This mechanic adds verisimilitude to RPG combat, and I would like to have seen it spread to many other RPG’s of the time.

IMG_1322-0.JPG

You never need to explore, and if you do explore, you won’t find anything except some extra cats (explained below). Talking to NPC’s is not interesting except for the required dialogue.

Your characters do get more HP as time passes (and possibly unlisted stats, but it’s impossible to tell), but random encounters do not contribute to this. Characters’ stats improve whether they are in your party or not. Combat isn’t fun except to get a feel for each of your characters, and that doesn’t take long, so there’s no reason not to run from random encounters unless it turns out that combat gives you money (I haven’t figured out from where the money comes, but I suspect that both it and HP just come automatically as the story progresses).

What’s the use of money? Not much. You can buy medicine, but I prefer to just keep a healer in my party.

Cats

Al can collect cats which you may find here and there, and he has one special move which releases a cat from his interior to attack an enemy in battle; this is a nice detail to include that shows a familiarity with Al’s character, but it is not a good gameplay element: finding more cats does not appear to increase your attack power (for all I can tell, and I picked up about eight of them), and the cat attack is pretty weak.

IMG_1302.JPG

Transmutation

Ed can transmute matter for combat or to open a way to progress through an area.

All cards represent substances. The have a nature (such as metal, plant, earth), a specific name (such as copper, gold, black water), and three numbers (two Arabic numbers and one Roman number). The Roman number indicates the value of the card, capped at 5. Higher levels produce more powerful attacks. The Arabic numbers place constraints on your ability to transmute substances: when you combine two cards, the Arabic numbers of the two cards are added; two cards cannot be combined if either of the Arabic numbers would fall above 7 or below 1.

You can hold 5 cards at a time. Whenever you discard a card or combine two cards, a new level-one card is randomly generated to fill the empty spot.

Ed can to be the strongest combatant if you take time before combat to combine elements to make higher-level substances, but this isn’t stimulating and requires little strategy. If you don’t combine substances outside of combat, Ed’s alchemy attacks will be limited to level-2 cards, and consequently, he will be one of the weaker combatants.

When alchemy is needed to progress through an area, it is always scripted and tedious: you are told what nature and numbers to generate, so you have to sit on the alchemy screen for possibly a long while, discarding cards until you get one that you can use to make exactly the card you need.

If non-combat alchemy had been open-ended and exploratory, it would have provided a good deal of engagement.

All characters besides Ed have a combat transmutation ability, but it does not make use of cards.

IMG_1301.JPG

 

Posted in Review | Leave a comment

Climbing Mt. Fuji: what you need and what you don’t

Cloud line when coming down from Mt Fuji

What should you purchase for a hike up Mt. Fuji, and what should you avoid?

Rain gear

It’s not unreasonable to expect rain on your hike.

You can rent rain gear from sundry locations, but there may be a better option. Our travel bus stopped at a small rental shop; a couple of our number had made gear reservations, but even without reservations, there was a lot of gear that the rest of us were free to rent. Rentals were surprisingly expensive.

For rain gear, I found that I was well protected with a cheap poncho, rain pants, and gaiters. You can get the former two at a combini such as 7-11 or perhaps cheaper at a Daiso (each less than 500 yen). You can get all three from a Konan (コーナン). The poncho will cover your pack in addition to yourself. No rain coat/jacket needed.

Another important piece of rain gear is boots:

Boots

A lot of the kids in my group wore their street shoes; I was grateful to have boots. Not only do they afford protection against long hours on the rocky mountain path, but they provide some protection against the rain.

For completely dry feet, you’ll want not only boots but legitimate gaiters (which cover the tongue of your boots). My socks became moist; the feet of many of others were rather less dry.

Your call, a rental for boots may be worthwhile.

Cold-weather clothing

The documents we were given advised us to bring cold-weather clothing. I never felt a need for long pants until we were at the summit and had stopped walking. The elevation is really rather high, and the winds were a bit strong. You may not want long pants, but bring a warm top.

Travel package

All you really need is a bus to and from the mountain. Even if a bus ticket is all you get, this should be the most expensive part of your hike.

We paid for a package which entailed a round-trip bus ride (9 hours each way from Osaka), a few hours’ rest on bunks in one of the stations along the trail, a few meals, and a stop at a bath on the way back. The Japanese bath was welcome after the exhausting hike.

Our hike started at 5:00pm at the 5th station on the mountain. We walked until the middle of the night, had an hour’s rest, and then resumed hiking to catch sunrise at the summit.

Guide

No. A guide actually didn’t cost our party much more than the non-guide package, but going with a guide roped us into a group of 40 or 50 people, and going in such a large group placed uncomfortable constraints on where and when would could take breaks and what speed we could go.

It was impossible to keep any kind of pace because the people least capable of climbing a mountain were taken to the front of a line, and they would take a few steps and then halt. Unfortunately, with the dense crowds of the brief climbing season (one can only climb Mt Fuji in summer), climbers were stacked bumper-to-bumper, so if you were halfway through a stride on uncertain footing, you’d be stuck in that position until the people at the front of your group decided to move again.

Lack of a regular pace and frequent stops at awkward stances made the walk more exhausting than it would otherwise have been.

To reduce crowds, I recommend going on a weekday rather than a weekend if you can.

Did the guide offer anything helpful? Only indicating which rest house was our appointed resting place. But the fact is that he got us there two hours late, so we had only one hour to lie down.

Head lamp

Hiking long hours after dark, a head lamp was beneficial. A handheld lamp would have sufficed, but the rental fee for a headlamp was only 500 yen at the shop. (Wearing it around my neck was a lot more comfortable than around my head.)

02

Some of our team brought liter-sized cans of oxygen. Apparently, a can was only 500 yen. But the oxygen was probably only a placebo. Nobody who tried the O2 noticed a benefit. I took a pull off of one can and noticed nothing at all.

Best practices while hiking

  • Drink small sips, drink frequently.
  • Don’t pause for breaks by the stations. They stink horribly from the latrines and the diesel generators.
Posted in Uncategorized | Leave a comment

Danu’s Lock | Magical Treasure Hunt 2013

When I say that the Box of Bog Bryg held an opera, I mean that it in fact held the entire 100-page score to an opera: Atalanta by George Frideric Handel.[1]

Naturally, we all understood — to varying degrees but all at once — that Remy’s last words pertained to this opera: Atalanta’s 15th aria, not Atlanta’s fifteenth area. We consulted the score’s index to find the 15th aria, and, as we should have expected, the vocal part belonged to the character of Irene. Unfortunately, Irene’s notes were written in C clef, but Jeanette actually made short work of them and played the melody without error on the pianoforte.

Not long into the aria, the lantern glowed pink, and we knew that we had found our key. We directed the lantern’s light onto the black jewel on the very large box and were rewarded with a loud thunk. The box opened, and inside we found another box! This box was locked fast and bore two keyholes in its face, separated by a medallion embedded in the surface of the wood. Of course we immediately tried the silver key in each of them, but it would not turn.

Inside the leathern pouch

The party was at a loss, and we reviewed the information we had collected so far for some clue to the opening of this box. Our attention returned to (among many other things), the pouch Brigit had sent on her homunculus’ penultimate call. More particularly, we re-read the excerpt from Le Morte d’Arthur.

It was discovered that the pouch and the letter (or perhaps the key?) which it contained were an analogy for the scabbard and sword in the text — or so we surmised from our supposition that Brigit’s intended message lay in Merlin’s assertion that the scabbard was of more value than the sword. The pouch in fact had something to teach us. Turning it inside out revealed that a message had been written on the inside of it:

The left lock will turn if I press my hand against the medallion until the lock clicks.

The solution

Honestly, our party pressed more than one palm against the medallion, and even after a very long time, the box made no response, and still the silver key would not turn.

The box in fact needed no hand at all, only something cold, as Brigit’s hand was. After chilling the medallion for a while, a thunk was heard from the box, and the silver key turned in the left keyhole. It would not turn in the right keyhole, however. Heating the medallion produced another thunk, and the key turned in the right keyhole. At last, the box opened, and inside was a clear crystal cut into the shape of an intricate snowflake.

The conclusion

After the success of our treasure hunt, the swamp began to recede, and before a week was out, the roads were passable once more. Dash and I legged it to Yvelines, where we obtained a carriage to collect the others.

You might think there would still be some fighting to do over the inheritance, but to the best of my knowledge, none of the claimants has pressed the matter even to this day. Being stranded as we were was an experience which I hardly wish to revisit even mentally. I am content to pretend the old estate never existed, and I suppose that the feeling is common to most of the party.


Building the dowry box

Dad and I actually built the two locks for the dowry box ourselves. It took me several designs before coming up with something reliable that was easy to construct. We cut the frame and bolt from some thick acrylic Dad had lying about, and the bolt’s stopping points were controlled by putting a large compression spring and ball bearing into a slot cut into the acrylic frame. The bolt had a couple of bumps along its length so that it would snap into position when moving past the ball catch.

In the back of each lock was a ward which blocked the keyway. The ward could be extracted via a pull solenoid controlled by the dowry box’s brain, an ATtiny85.

Alas, the temperature-sensitive lock did NOT work on game day. Luther and I worked on it to no end, and we had it mostly working a hundred different times in a hundred different ways, but we found that once any solenoid activated, it threw a wrench into the temperature sensor’s ability to deliver reliable readings. (We used a TMP36 for the sensor.) We tried attaching capacitors of various sizes immediately against the sensor, but it made no difference. The solenoids were each only about 1.5 or 2 inches away from the sensor, so perhaps there was nothing that could be done with the intense magnetic disruption that their activity caused.

You can find the code for the dowry box on my repo at github: https://github.com/Vaselinessa/treasure-hunt-des-marais/tree/master/dowry-box.

The opera

A nod goes to Matt Crook, whose brilliant puzzle concerning the tombs of Caesar Augustus in his Blood Faith installments served as inspiration for the Atlanta-Atalanta riddle. Seriously, go read Blood Faith if you haven’t done so. It’s probably shorter than 30,000 words in all.

[1] http://javanese.imslp.info/files/imglnks/usimg/0/07/IMSLP19079-PMLP44870-HG_Band_87.pdf

Posted in Treasure hunt | Leave a comment