Foam Lightsaber Games For Star Wars Day (Or Any Day For That Matter)!

Posted by TechyDad on May 4, 2015 under Geeky Pursuits, Star Wars

lightsabersToday is Star Wars Day, also known as May The Fourth.  (May The Fourth as in May The Force Be With You.)  Unlike last year, we don’t have any particularly geeky activities planned.  It helped that May 4th landed on a Saturday last year.  Mondays don’t lend themselves to elaborate celebrations.

Still, we might battle using our foam lightsabers.  Here’s how to make foam lightsabers.  The parts only cost about $1 per saber and I can attest that they last.  After a year of some serious use (we get really into our lightsaber battles), they are frayed but definitely still usable.   Sure, foam might fly off when our sabers clash, but that just adds a bit more realism, right?

The boys and I have come up with a few lightsaber related games.  The first involves having two lightsabers per person.  You do battle and any hit on a person results in them dropping a saber.  Once they have all sabers down, a final strike kills them off.   Last player standing wins.  On Sunday, we came up with a variation.  There’s still the two lightsabers per person and dropping as you get hit.  However, we designated a spot as "out."  When a player was killed, they retrieved their sabers, went to the out zone, and waiting for someone to tag them in (by touching sabers with them).  Then they could return for battle.  Since it was just my boys and me, our loyalties wavered.  With a big enough group, though, you could have teams.  The last team to have member(s) still "alive" wins.

Another game we developed was lightsaber tag.  For this, each player is armed with a lightsaber.  One player is designated "it."  Perhaps, they get a special color of saber to show people who is "it."  The person who is "it" chases everyone else.  "It" tries to tag the other players with his lightsaber.  Instead of a simple tag-and-run, though, players can choose to stand and fight.  Of course, you can’t kill the "out" player and neither can they be killed.  But perhaps they can deflect blows that would have been tags and keep "it" at bay long enough until they can make their escape.

Then, there’s bubble slashing.  This is especially good for the younger players, but older players might enjoy it too.  First, get an automatic bubble blowing machine.  You can do this by blowing bubbles yourself, but the bubble machine can blow more bubbles on a more regular basis.  Have the players slash as many bubbles as they can.  You can call the bubbles incoming droid fighters or enemy blaster fire to give it a more Star Wars feel.  There is no scoring here.  Just the joy of destroying bubbles using foam lightsabers.

It’s amazing how much running around kids (and adults) can do with just some foam pool noodles and duct/electrical tape.  With the summer approaching and parents "looking forward" to the kids being out of school all day, having an activity where you could either sit on the sidelines having the kids tire themselves out without you getting exhausted or jump into the fray is essential.  If it’s a geeky, Star Wars related activity then that’s all the better!

Share on Facebok
Share on Twitter
Share on Pinterest
Share on Google+

It’s The Geekend!

Posted by TechyDad on May 1, 2015 under Uncategorized

Today marks the start of a few days worth of events that fill my geeky heart with anticipation.

Friday – Avenging and Toons

Starting today, Avengers: Age of Ultron is released in theaters. My boys and I are big superhero fans. Specifically, we’ve loved every Marvel Cinematic Universe movie. (Nitpick: With TV offerings like Agents of SHIELD, Peggy Carter, and Daredevil joining the MCU, can it really be called “cinematic” anymore?)

Also today, our cord cutting lifestyle is going to get a lot better. Cartoon Network is releasing a lot of their shows on Hulu. I look forward to watching Adventure Time and other fun shows with my boys.

Saturday – Comics For Free

Saturday is Free Comic Book Day. My boys and I look forward to this every year. We take a trip to our local comic book shop and walk out with a bunch of comic books completely free. Geek is great, but Free Geek can’t be beat! (We may or may not buy a comic book or two while there.)

Sunday – Play More Games?

Honestly, Sunday doesn’t have many geeky activities planned. Perhaps we’ll fill this gap with some tabletop gaming. Munchkin or Pandemic would be a great geeky addition to the Geekend.

Monday – Star Wars Day

The Geekend extends to Monday with Star Wars Day on May 4th. As in “May the Fourth Be With You.” While we don’t have anything specific planned, maybe we’ll indulge in some Star Wars related activities after work/school.

How are you celebrating the Geekend?

Share on Facebok
Share on Twitter
Share on Pinterest
Share on Google+

Why You Need To Upgrade WordPress Now (and Back It Up While You’re At It)

Posted by TechyDad on April 28, 2015 under Blogging, Internet, Technology

Last week, there was a big announcement in the WordPress world about a security vulnerability existing within many plugins.  Plugin authors scrambled to fix the issues quickly while the call went out for everyone to update their plugins and Word Press installations.  As a web developer, I understood what the vulnerability was all about, why it could be so dangerous, and what an attacker could use it to do.  As I thought about it, though, I realized that non-web developers might need a quick primer on just what the problem was.

The Problem

Word Press can be a wonderful tool for developers.  Not only is it a Content Management System, but it has a series of functions available to programmers to use in the course of writing code.  You don’t have to re-invent the wheel because Word Press has built in functions that can be used to complete the job.  A long time ago, there might have been security concerns with WordPress’s functions.  Thankfully, though, the WordPress team has put a lot of effort into security.  Unfortunately, the documentation for a couple of the functions were vague.  Developers thought that two of the functions were sanitizing the user’s input when they weren’t.

Clean That Input

What does sanitizing input mean?  It means that a developer should never trust what a user enters into a system.  If a user is prompted to enter a number between 1 and 10, it shouldn’t be assumed that they didn’t type 11.  Or abc.  Or ‘ and 1=1; Delete From Users.  If the wrong user input is blindly accepted, the program might give bad results, crash, or – even worse – allow a malicious user to run commands that could compromise the security of the server, its data, and subsequent users.  Luckily, before user input is used, it can be checked and potentially harmful contents can be neutralized.  In the case of the WordPress vulnerability, the lack of cleaning up user input meant that a Cross-Site Scripting (XSS) attack could be formed.

What is XSS?

Cross Site Scripting (or XSS) happens when malicious user input placed on a website and is used to run scripts on a user’s computer.  Suppose, a blog had a comment page that had a XSS vulnerability.  An attacker could craft a link in the form of<script>document.cookie = "expires: Wed, 1 Apr 2015 12:00:00 UTC; path=/";</script>

This particular link would erase the person’s cookies – effectively logging the person out of the website.  Annoying, but ultimately harmful.  However, a more advanced form of this attack might read information stored in the cookie variables (e.g. usernames, passwords) and send them to the attacker (perhaps by using JavaScript to load an image with the data to send in the image’s link).  If the attacker sent this more advanced link to a user, he could take control of that user’s account.

Now, imagine a comment form.  The basic comment form is quite simple.  Just take the user’s comment and display it on the website.  Not hard, right?  If I input:

Very nice article.  I agree wholeheartedly.

then that should appear on the page.  What, however, should happen if I write:

Very nice article.  I agree wholeheartedly.  <form action=””>Credit Card Number: <input type=”text” name=”CCNumber” /><input type=”submit” /></form>

Should that appear on the page as is?  In case you don’t “speak HTML”, that comment – if left unfiltered – would make a form appear on the page asking for a user’s credit card number. This phony form won’t fool anyone, of course, but a more advanced version of this could wipe out all elements on a page and display a real looking login page – with the usernames/passwords being sent to the attacker (and logging the users in if the attacker wanted to be extra sneaky).  The form could also ask for a user’s personal information or payment information – compromising the user’s credit card number or other details.

In all of these cases, the attacker uses not only the XSS vulnerability, but the trustworthiness of the website being used to fool users.  If your users usually pay for access to your website, they might not think anything is wrong when your website suddenly reports that it needs to confirm the users’ credit card numbers.

How Do I Stop XSS?

Stopping Cross-Site Scripting attacks is actually very simple.  I even had to resort to it while writing this article.  My blog post editor kept wanting to turn some of the HTML tags into actual HTML.  To keep it from doing this, I replaced all “<” angle brackets with &lt; (the HTML code for “<“) and all “>” angle brackets with &gt (the HTML code for “>”).  Doing this to user input should make the attacker’s HTML code show instead of being interpreted and run.  Of course, to do this, you need to know how to work with the code behind websites.

But What About WordPress Plugins?

When you use WordPress plugins, you need to have some level of trust as to the quality of the code.  Few users have the time (or the skill) to pour over all of the code in all of their plugins to spot all of the vulnerabilities.  The best most users can hope for is that the developers (or users with the time and skill) find the bugs and fix them.  This fixes will be posted as updated versions.  This is why it is essential to keep WordPress, its plugins, and its themes up to date.  It doesn’t matter if the vulnerability in Really Cool Plugin was fixed in version 1.3 if you’re still running version 1.2.  And don’t think you can hide behind people not knowing what version you are running.  Hackers can use automated tools to scan many sites for many different vulnerabilities – only giving their attention to the openings that they want to exploit.

How do you update?

To update your WordPress installation, log into your WordPress installation’s admin panel (usually  Under Dashboard on the left hand side is a menu option called “Updates.”  Clicking this leads you to a page where you can update the WordPress core installation, plugins, and themes.  (In the case of the latter, bad coding can lead to security holes within themes which might be patched with a new version of the theme.)

What about plugins with no updates?

Not every plugin author updates his plugins on a timely fashion.  Whether because he is busy on other projects or because the plugin you are using isn’t being actively developed anymore, you might still find yourself running vulnerable plugins.  Worse still, you might not know it until the plugin is exploited.  There are security plugins that can be used to mitigate the risk, but in the end one of the best defenses is a good backup.  Make sure that you have backups of your website files as well as your database.  With luck, you’ll never need them, but if you do you will be glad that you had them.

Techydad Backup & Update Service.

There are many WordPress plugins that one can use to backup ones WordPress sites.  If anyone needs any assistance, I’d like to extend an offer, though.  I’ll backup your website and database once a week as well as run monthly updates on your site for a monthly fee.  If you are interested, contact me and we can discuss pricing.

Stay safe online and happy blogging, everyone!

Share on Facebok
Share on Twitter
Share on Pinterest
Share on Google+

The Opt Out Outcry – Students/Parents/Teachers Say High Stakes Testing Fails

Posted by TechyDad on April 20, 2015 under School

56206100_82c8a353f4_mLast month, Governor Cuomo pushed out his fifth on-time New York State budget.  During the vote, Democrat after Democrat stood up saying how horrible the budget was, particularly the education piece, yet one after another they voted for it.  They would all temper their yes vote "with a heavy heart" – a phrase that multiple people used so much back to back that it seemed almost coached as a result of political pressure .  "We know you hate this but if you want anything for your district next year, you’ll vote yes.  You can express your disapproval by saying ‘with a heavy heart.’  That’s acceptable, but vote no and your funds will dry up until you’re voted out."  Passing the budget on time (and avoiding any embarrassment that the governor might face with a late budget) took precedent over the actual budget contents.

What was so bad about the education component of the budget?  One word:  Testing.  I’ve been pretty vocal about opposing Common Core, specifically New York State’s implementation of it and the high stakes testing that results.  This budget doesn’t address any of the issues opponents of the testing regime had.  Instead, it doubles down on testing, making it part of a teacher’s evaluations.

Before this budget, most of a teacher’s evaluations came from observations by local administrators.  You know, the people who would know that teacher and his/her students the best.  Now, 50% of the evaluations come from testing.  Students will be tested in the beginning and end of the year.  If their scores don’t improve by an amount set by State Ed (after the test scores are in, mind you), the teacher will be said to have failed this portion of the testing.  It doesn’t matter if the student gets a 94% on the beginning of the year test.  If State Ed says that the students need to improve by 6 percentage points and the student gets a 99%, the teacher is a failure.  The other 50% of the teacher’s evaluation will come from a combination of local observation and from an outside observer.  Note that this observer doesn’t need to be an educator at all.  This is akin to having a plumber rate your surgeon.  After all, the former is a licensed professional, right?  So he should be able to accurately say how well your surgeon can remove an appendix.

The teacher’s evaluation score can be "ineffective", "developing", "effective", and "highly effective."  If the students don’t do well on the exams, the teacher can’t receive an "effective" or "highly effective" rating.  Not even if both observations show that the teacher is wonderful.  Instead, they must hope to get a "developing" rating.  If a teacher gets an "ineffective" rating for two years in a row, they can be charged with incompetence within 90 days.  If they get a third ineffective rating, they MUST be charged with incompetence within 30 days.  In the latter case, a teacher’s only defense will be fraud.  A teacher of special needs students can’t bring up that his kids don’t deal well with tests but that he actually inspires the kids to learn.  Instead, he’ll be declared incompetent.  The teacher of the advanced class won’t be allowed to point out that her kids simply don’t have the room to increase their previous scores like State Ed has mandated.  She’ll be kicked out for being incompetent.  Job security for a teacher will now mean that they might be three years from being booted from the profession.  After all, what school will hire a teacher who was fired for being incompetent?  (Even if "incompetent" really means "students didn’t test as well as State Ed said they needed to test.")

At this point, you might think "at least it can’t get any worse."  If you’re thinking that, then you don’t know Andrew Cuomo too well.  In 2013, Cuomo called for a "death penalty" for public schools that failed based on test scores.  Now, he’s enacted this in the form of receivership.  If a school falls within the bottom 5 percent of state test scores for three years, they’ll be declared a "failing school."  They will then have two years to turn this situation around.  If they haven’t (to State Ed’s satisfaction), a person or company can be assigned control of the school.  This receiver can even fire teachers and administrators and declare that the school will become a charter school.

Since all of these changes seem to center around students tests, you might start to wonder what’s so wrong with the tests.  After all, teachers give tests all the time.  won’t these tests just show how much students are learning?

The answer is that they won’t.  The first problem is that the tests are completely non-transparent.  Pearson writes the tests, gags students and teachers from speaking about the tests, grades the tests, and returns the students’ scores without showing what the student got right and what he/she got wrong.  Proponents of the tests say they will give us important information about how well our students are doing but how can you measure anything without detailed information about what the kids got right and wrong?  Suppose you asked how deep a hole was and I answered "42."  Do I mean inches?  Feet?  Miles?  Kilometers?  Maybe I mean that the hole is so deep that 42 people would need to stand on each others’ shoulders to reach the top.  Perhaps I mean that a ladder would need 42 rungs to reach the top.  It’s possible that I mean that it would take 42 seconds to reach the top when travelling at a specific speed (which I refused to divulge).  Without detail, that number means nothing.

It should be noted that last year, they were forced to release half of the questions that were on the test due to public outcry.  There is no guarantee that they will release any questions this year.  Even if they do, that doesn’t tell us how a student did.  If two students have same final score, it doesn’t mean that they are lacking in the same areas.  Without detailed information (see above), the numbers are meaningless.

Despite this gag order, some have been leaking test questions on social media and blogs.  In the case of teachers, this is usually done anonymously since attaching your name to this would mean immediate termination.  Students, though, have tweeted test questions after the fact.  When they do so, Pearson has been known to contact school districts about "security breaches" sometimes overstating the events so it seems as though the students’ actions are worse than they really are.  Here’s the problem with Pearson’s "gag order" on students.  For a company to order someone not to divulge information, they will usually have you sign a non-disclosure agreement (NDA).  The incentive to sign might be for employment, a peek into what they are developing (e.g. so you can make something compatible with their upcoming device), or to explore joint ventures with the company.  In each case, the person signing the NDA gets something in return for their silence.  The NDA is also voluntary.  Suppose I was seeking a job and my potential employer wanted me to sign an NDA.  I could refuse to do so knowing that this meant I wouldn’t by employed by that company.  It would be my choice.

What about students, though?  Students are too young to enter into contractual agreements.  Students can’t willingly sign contracts – at least not without the approval of their parents/guardians – because they are minors.  Without their voluntary agreement, Pearson can’t claim that students are breaking an NDA by revealing test information.  I’ll agree that a student taking a camera and tweeting photos of the test during the testing is breaking the rules.  However, once the student leaves the school, Pearson can’t dictate what he/she says or does on social media.  If a student tweets out a test question purely from memory, there’s nothing Pearson can do about it.

From the test leaks, the questions on the tests are shown to be highly age inappropriate.  Questions on the third grade test were found to be on a sixth grade reading level.  Sixth grade test questions were on a college reading level.  That’s right, our kids are now failing if our 8 year olds don’t read like 11 year olds and if our 11 year olds don’t read like 18+ year olds.  And remember that teachers’ jobs are tied to these scores.  Has your third grader’s teacher only raised their reading level to that of a fourth or fifth grader?  Well, that’s "ineffective" now so let’s kick that teacher out.

With all of this testing, what happens to education?  If it were just a day of tests and done, it might not be a big waste of time.  However, a total of 8 days are being spent on this round of testing.  Before that, many days are devoted to test preparation.  If teachers actually try to educate their students instead of preparing them for the tests, they run the risk of their students doing poorly, being assigned an "ineffective" rating, and being kicked out of the teaching profession.  So teachers must gear all of their lessons around the tests.  Real education is taking a back seat to filling in bubbles.  Not that I blame the teachers, mind you.  They are caught between a love for educating their students and their desire to stay employed.  It’s the politicians who crafted these rules who are to blame.

And now, finally, we get to the reaction.  Two years ago, we opted our older child out of the high stakes tests.  We were one of a very small number who did in our district.  Last year, the numbers rose quite a bit and our older child again opted out.  This year, he opted out for a third time and the numbers have soared.  (Our youngest will hit his first high stakes tests next year and will opt out.)  Parents, students, and teachers are uniting against this testing regime and saying that they won’t allow their kids to be abused in this manner.  In some districts, notably on Long Island, over 50% of students opted out.  The totals state wide aren’t in yet, but look to top 200,000.  They might even be 300,000.  (This is out of 1.1 million students.)

Now, some principals – pressured by state ed to reduce opt out numbers – will send a letter saying that they could lose funding for their school if they fall below 95% of kids being tested.  We were warned this too.  However, this isn’t true at all.  Not one school has had funding revoked for too much opting out.  In fact, with the number of students opting out growing, state ed would need to defund way too many schools.  I’d actually like to see them try to carry out this threat.  The surge of angry parents would be something to see.

The other lie that will be told is that your child doesn’t have the option to opt out.  Or that your child must express this verbally to the test proctor on the day of the test.  Or that your child must at least write his/her name on the test booklet.  All of these are falsehoods as well.  A child who opts out is given a "score" of 999.  A child can opt out via a parental letter at any time (even on the first day of the school year – though you should remind administrators closer to testing time).  And a child should NOT write on any testing booklet given to them.  Even marking it a small bit will cause that booklet to be counted.  Other districts will threaten students who opt out with loss of ability to participate in after school activities or honors programs or will say that these kids can opt out but must "sit and stare" and cannot do other work/reading (even if they are quiet).  These are all scare tactics designed to force kids into taking the tests.  If you encounter this, contact NYSAPE.  They can put you in touch with local advocates to help counter these threats.

I can’t help but smile as I see the reports of more and more opt outs across the state.  The more parents, students, and teachers who speak up, the more the pressure will be put on politicians to do away with high stakes testing and to get some sanity back into public education.

NOTE: The image above, titled "Frustration" is by Eric and is available under a Creative Commons Attribution-NoDerivs 2.0 Generic license via Flickr.

Share on Facebok
Share on Twitter
Share on Pinterest
Share on Google+

Working Together To Beat The #Tabletop Pandemic

Posted by TechyDad on April 15, 2015 under Games, Geeky Pursuits

pandemicIt’s no secret that I love playing tabletop games. However, at times, my oldest has a tough time with them. When dealing with Autism, social skills can be tricky to navigate. Simple things like winning a game gracefully or accepting when you lose can spiral out of control.

During the second Passover Seder, a family member brought Pandemic for us to play. I had heard of it before but never really to look closely at it much less play it. When we realized it was a cooperative game, my boys and I got excited. Instead of trying to best each other to the goal, we would be working together to win the game.

Unfortunately, our first game got cut short by the Seder, but we loved that small taste so much that we ordered it a few days later.

disease-spreadingIn Pandemic, each player controls a medical professional working to stop four plagues afflicting the world. You collect city cards to come up with a cure while trying to battle the diseases back. As the game progresses, more cities become infected, some so much that they infect neighboring cities. If this happens too many times before you find all four cures, the game is over and you lose.

Each player’s character has a special trait. The scientist can find a cure with four city cards instead of five. The researcher can pass city cards to other players without needing to be in that particular city. The medic can cure all of the disease in a city in one move before a cure is found. Only by working together can you find the cures before time runs out.

So far, we’ve played the game quite a few times. We’ve won every time, but some of those games were pretty close. We were also playing at the easiest level. We might ramp it up next time.

I’d recommend this game for anyone looking to work together as a family. The game says it is for two to four players age 8 and up. My eight year old had little trouble picking up the rules. Younger kids can play but might need help understanding what moves they can make. Since Pandemic is such a great cooperative game, I could even see it being used as a casual office team building tool.

Pandemic is a great game that encourages cooperation. Instead of fostering an "everyone for themselves" attitude, it encourages players to work together towards a common goal. This can lead to not only a fun time, but some great life lessons be they to a child learning appropriate social actions or coworkers trying to pool their strengths to succeed.

Share on Facebok
Share on Twitter
Share on Pinterest
Share on Google+