Lucas Nicodemus

Founder @ Nyx Studios

Read this first

Colorado State University’s Directory: A Nightmare Waiting to Happen

Like many universities and colleges, Colorado State University has a directory. Unlike many universities, the CSU directory also contains the full legal name, college, department, major, mailing address, and phone number of every student enrolled on campus that hasn’t opted-out via RAMweb, the university’s student dashboard.

From a privacy and a security standpoint, this is a distressing concern. From potential stalkers and attackers to web spammers are able to find identifying personal information about a potential target with as little as a student’s name. The search does fuzzy matching on any input, making it not only possible to locate a specific person enrolled, but a collection of individuals with matching names instantaneously.

Their directory clearly appears to be developed for the purpose of locating students, indicating that this was surely not a case of “inclusion by...

Continue reading →

CyberPatriot Platinum Prediction Accuracy

This is a quick update on my previous post, which discussed predicting the platinum tier results for CyberPatriot Seven’s Round 1 & 2 combined scores. With the official results released and the state competition entering its final day, The Magi’s projections are becoming close to final. With this in mind, its worth asking: How accurate was The Magi in predicting platinum teams?

  • The Magi predicted 242 slots, and CPOC created 244 slots. 0.8% error in calculating the number of slots.
  • The Magi correctly projected 232 of 244 slots. 4.9% error.
  • CPOC promoted 12 teams into platinum that it did not predict.
  • CPOC demoted 9 teams from our predictions to gold.
  • CPOC demoted 1 team from our predictions to silver.

Note: Cisco will play an even greater role in advancement this round (20% in the platinum tier) than before.

To the teams that are predicted to be in the top three in their state:...

Continue reading →

Projecting CyberPatriot Outcomes

To view the live projections, go directly to The Magi.

CyberPatriot, the National Youth Cyber Education Program, hosts a new season of its cyber defense competition each year. For the last couple years, I have taken score data that they release publicly and projected outcomes for the open division in terms of advancement. With that system now publicly available and online, it’s worth discussing factors to think of when looking at the projection data.

Competition Changes

In previous CyberPatriot competitions, the advancement from the first round to the National Finals competition was (with minor variations from year to year) as follows:

  • Teams would compete in Round 1 and Round 2. Those scores would be combined, and a given number of top teams would advance to the semifinals.
  • Teams who did not advance to Semifinals would be given a state (and regional?) recognition round. These teams...

Continue reading →

Using Inbox

Inbox Zero Inbox is, in many ways, a step in a new direction for Google. Its launch page has, almost no information as to what it is, and it acts more as an intermediary layer on top of Gmail than a new product entirely. It uses Material Design, and unlike Gmail, which was partially a demonstration of how powerful AJAX apps could be, lacks any indication that it’s built on the same web technologies as its predecessor. Google isn’t marketing Inbox as a replacement for Gmail for new users, but is instead targeting people who are already fed up with email enough that sweeping most of the email out of the Inbox is the best way to go.

It’s worth comparing Inbox and Gmail side by side, but only for the sake of pointing out what Inbox doesn’t have. In order, these are Gmail and Inbox’s settings respectively:

Gmail settings Inbox settings 1 Inbox settings 2

Most Gmail users don’t have as many labels as I do, so expect these menus to be far less...

Continue reading →

The Past

The problem with thinking about the past is that it takes time and energy away from the present. Feeling nostalgic is always good, and thinking about fun memories is worth the expense – but it’s always worth thinking about the toll associated with the past before being consumed by it.

Reliving positive memories brings joy, but reliving negative ones does nothing but bring anxiety and anguish. The older the memory, the more irrelevant this anguish is today.

Every second spent thinking about the past is a second lost from the present, and a second lost from planning for the future.

Pick what you recall from the past wisely, lest you forget the present.

Continue reading →

> Branching Points

Sometimes I wonder about how my life would be different had I made one decision versus another, but I firmly believe in having no regrets about the past. So long as you’re happy with the present, there’s nothing to regret about the past. And if you’re not happy with the present, feeling regret won’t change it. The future is set by looking forward, not backward, and learning from the past while refusing to be hamstrung by it.

Chris writes the truth.

Continue reading →

Why Root?

The Android ‘L’ developer preview was released today, and I’ve installed it on my daily carry Nexus 5, despite the fact that root is currently unachievable.

I don’t necessarily consider this as much of a deal breaker as it used to be, though. Rooting was, to a certain extent, the best way to turn a good device into a great device, from battery saving custom kernels to customization and theme options.

In L, a lot of the benefits gained by rooting are now available in the OS itself. Project Volta is set to offer enhanced battery saving, and Material Design looks promising, even in the eyes of one of Android’s biggest critics.

The biggest sticking issue that kept me rooting, time and time again, was Titanium Backup (and more specifically, Google Authenticator). With L, I finally decided to call it quits and switch to Authy (root required; before updating to L, grab the database, then...

Continue reading →

Donation to Child’s Play

For the last few years, I’ve donated to Child’s Play through Mario Marathon. This year, I’m contributing $111.11 in a single donation.

This is for You & I. Thank you for bringing happiness into my life.

Continue reading →

Email to Day One

Day One is arguably one of the most clean and well developed journaling applications on the Mac platform. It plays nice with iOS, Apple’s natural complement to Mac, but everything else is dead in the water. So I wrote ETD, a script that imports emails and turns them into Day One entries.

The premise is fairly simple: email an address you specify with an image attached and your entry. The result will be converted into a Day One entry.

This is how you set it up.

Grab the script

Let’s start by grabbing the script. At this point, it would be helpful to install rvm if you haven’t already.

git clone cd email-to-DayOne rvm install '2.0' rvm use '2.0' bundle install cp config.yaml.example config.yaml 

Configure the script

Next, you’ll want to edit config.yaml to point to your email information. Assuming you have your own server, you’ll use...

Continue reading →

Never reset my password

How many times does someone have to be hacked before someone solves the ‘lost password’ dilemma?

Mat Honan was arguably one of the first and most prominent individuals affected, and now N has fallen victim to a very similar attack, again relying on social engineering to compromise an account. Not a man-in-the-middle attack, not a bad password, just a human at a computer. Again.

While it would be possible to identify partial solutions for each company (for instance, Twitter should not allow names to be taken immediately after an account is deleted), it is fruitless to assign the blame to one single party. The commonality between these two events is the willingness of customer services representatives to reset passwords or add information to accounts without solid proof that someone is who they say they are. Proof is given based on not necessarily public information, but information...

Continue reading →