Saturday, March 9, 2019

Spending one week in Royal Holloway, University of London

I have to the chance to spend one week in Royal Holloway, University of London (RHUL) where I attended the module 'Smart Cards' with a friend from Oxford. 'Smart Cards' is module is run by the CDT in Cyber Security at RHUL.

Besides attending the classes, I have done a lot of interesting things during my time in RHUL. RHUL is located in Egham, a small town in the south east of England. It was incredible to spend one week over there and I've had a lot of fun! Here is how my whole trip went (17 February 2019 until 22 February 2019):

Day 1: Arrival at The Hub 

We've arrived at Egham afternoon and took a bus to the RHUL campus:

The campus looked absolutely stunning, entering RHUL: 

Other nice shots:

There is a lot of green on campus, which makes it more beautiful:

RHUL also has great events:

I was extremely impressed by their modern library, which is in a building named Emily Wilding Davison Building. It looked very beautiful and I have studied in it for the rest of the week. The building have had an investment of £57m!

RHUL at night:

I've also visited their beautiful Chapel:

For dinner, we headed to CASPARI, an Italian restaurant:

The meals were really nice:

I was allocated a room at The Hub Guesthouse; a place where they offer guest rooms that look like a hotel. My room was quite small but it had a great view! The location of the room was ideal as it was close to classes and other universities facilities. Here are some photos:

Day 2: First (and long) day of classes 

We've had breakfast in their dining hall, which looked pretty:

The, we headed back to this large lecture room for the module:

Lectures schedule:

As for dinner, we tried Prezzo, another Italian restaurant:

Day 3: Haircut and Shisha

I've had a great haircut on this day, I found  many beautiful places in Egham such as: Strode's College:

The shisha wasn't so good though: 

Day 4: Bar and Breakfast

We had a nice breakfast in the Hall again:

We also tried The Hub Dining Hall, which had a great variety of options:

At night, we met one student from RHUL Cyber Security and had a great time at a pub called The Happy Man:

Day 5: Bowling 

On this day, we went to social event with RHUL Cyber Security people where we did some bowling:

Day 6: Leaving RHUL

We had a really nice breakfast at RHUL Boiler House: 

Last photos in a sunny day at RHUL before leaving:


Tuesday, January 1, 2019

Shocked after knowing that I spent £1394.45 on Blizzard Entertainment's Hearthstone

In Summer 2017, my friend from Lebanon introduced me to one legendary collectible cards game called Hearthstone. Here is a short summary of Hearthstone's success from Wikipedia:

Hearthstone, originally Hearthstone: Heroes of Warcraft, is a free-to-play online collectible card video game developed and published by Blizzard Entertainment. Having been released worldwide on March 11, 2014, Hearthstone builds upon the existing lore of the Warcraft series by using the same elements, characters, and relics. It was first released for Microsoft Windows and macOS, with support for iOS and Android devices being added later. The game features cross-platform play, allowing players on any supported device to compete with one another, restricted only by geographical region account limits.

The game has been favorably reviewed by critics and has been a success for Blizzard, earning nearly US$40 million per month as of August 2017. As of November 2018, Blizzard has reported more than 100 million Hearthstone players. The game has become popular as an esport, with cash prize tournaments hosted by Blizzard and other organizers.

Up until 1 January 2019, I've played it probably for hundreds of hours. It has been a fun and portal game. Here is a video on Youtube of me playing against a Twitch streamer:

However, Hearthstone is an expensive game. According to an article from Polygon, Hearthstone costs on average 400$ per year:

Blizzard released Kobolds and Catacombs, its latest expansion for Hearthstone, on Dec. 7. The expansion adds 135 new cards to the game, and brings some interesting deck possibilities into the mix, but players are getting frustrated with the increasing cost of keeping up with the game’s competitive scene.

Both the games media and prominent community voices have started talking about how incredibly expensive this game has become, and the data supports their unease. It has never been more expensive to play Hearthstone competitively.

The fact that I've spent that amount of money on a video is insane. Despite my love for Blizzard's Hearthstone and despite the fact that Hearthstone is extremely expensive, I feel that this was a case of serious and reckless spending. I've taken the decision to not spend any money anymore on this game.

I was able to compile a list of all purchases from invoices and put them in a PDF, which is public and you can see it or download by clicking here. Here is a snapshot of the file:

In total, here is the amount spent in three currencies:


Thursday, December 6, 2018

About joining the Google Advanced Protection Program

I'm very cautious (and paranoid) about the security of my Google account. I constantly take drastic measures to minimise the risk of being the victim of social engineering and other related attacks.

There are a lot of the measures I take to ensure a minimal risk, one of which is: multi-factor authentication. I am an extremely strong advocate of multi-factor authentication and I believe that just having a 'password' will make any account highly vulnerable to attacks.

I have ditched server companies and closed many related financial-related accounts for not providing multi-factor authentication.

Around two years ago, I had made the decision to use a security key to secure my Google account. It was a huge security step I've taken. At that time, I shut down the ability to use my phone number as a two-step authentication method. I carried my security key everywhere around.

However, it was impossible to login to some apps like the Mail app on iOS and macOS (Because the security key works only with Google Chrome). So, I used to use recovery codes which I had generated before adding the security key.

However, the existence of those recovery codes at the end made me uncomfortable. Even, the ability to generate them had me confused. I wanted my Google account to be accessible only via Security Key.

Fast-forward two years later, Google has a program called: Google Advanced Protection Program. It does exactly what I wanted (with extra stuff as well). Here is a video which explains what the program is:

First, it would be impossible to login on a new computer without possession of the security keys. No backup multi-factor authentication or backup codes will be available.

Second, most non-Google apps won't be able to access Gmail and Drive data. There are thousands of apps on the iOS and Android store which request access to this data to accomplish one task or another (Such saving files to Google Drive or Managing Email). I will never be able to use my Google account on such apps. This might prevent me from accessing a lot of services and apps, but for me, the security is more valuable than the usability.

Third, I won't be able to use my account to login to apps which don't have two-factor authentication.

And, finally, if I lose access to both of my security keys, account recovery will take days to process. Google would need to verify a lot of data and a human-check needs to happen:

More importantly, as per confirmation email received, new security features will be added in the future to stay up-to-date:

Anyone can join this program, all you need to do is order a specific set of two security keys, for me those are the keys I bought:


Monday, November 5, 2018

University email accounts lack security and privacy

We should not forget that University emails are disposable, non-permanent and most importantly non-private. They should be treated with a lot of cautiousness, and distrust.

  • I have had university emails from the:
    • Lebanese American University (Permanent Email)
    • American University of Beirut (Temporarily for 1 year) 
    • Haigazian University (Permanent Email)
    • University of Southampton
    • University of Oxford
I often see my classmates, university researchers and instructors use their university emails to share private information such as emails with friends and uploading photos. Some of them use it as their primary email to sign up for Paypal and Social Media Apps (Facebook, Twitter, etc...).

This is often associated with two issues: breach of university password credentials and employee misuse.

Most universities use the same email password to authenticate to a wide range of University services, such as University Internet Services, Moodle/Blackboard access, Banner access and other endless services.

Just like any other software system in the world, those systems are not immune from breaches and in fact, they could have less scrutiny. There are hundreds of innovative ways an attacker can expose and obtain your university password.

You need to assume that this is entirely possible and make sure your email contains only trivial material that you don't give a fuck about.

What makes the situation worse, is that university email services of Office365 do not offer any multi-factor authentication feature. This has been the case for me for all the 5 different university emails I've used in the future. This was being discussed during my admission interview with Oxford University and it seems to be a current security problem.

As for the employee misuse problem, you would be surprised how easy it would be for University IT Staff to secretly gain access to your email and read every single email you've sent and received.

I have even spoken to IT officers/employees from the universities listed above and many of them illustrated to how easy the process of accessing an email is.

University emails should only be used for information that isn't sensitive and has insignificant value, examples include class assignments - communication with a supervisor or an instructor and communication with university staff. 

Similarly, any storage provided by University services such as OneDrive should only be used to store trivial academic material as well.

Personal email accounts (such as Gmail) should be used for any personal emails or files you have.


Tuesday, October 9, 2018

Dive Project is finally completed after 8 months of work

diveProject ( is a small non-profit academic project which aims to digitalize, organize, store and host all (or most) of the academic material that I've had during my undergraduate and graduate studies. Course material such as lectures, projects, academic papers or other would be included. diveProject also includes projects developed during my studies which have been developed:

Where are the files?

Projects with a large amount of coding have been uploaded to GitHub and linked from within the website, whereas the static files (Word, PowerPoint or PDF documents or other) have been uploaded and stored on a cloud bucket provided by the Google Cloud Platform (Accessible from this domain:

How is the website structured?

Apart from the main homepage, the website has a 'courses' page with a list of all courses (or modules). Each course title can be clicked and has his own separate page.

How it was it made?

The website application itself is hosted by GitHub and is a heavily modified version of a Github Pages template for academic websites. The template I've used was forked (then detached) by Stuart Geiger from the Minimal Mistakes Jekyll Theme, which is © 2016 Michael Rose and released under the MIT License.

On the other side, a small Python script was written to upload and format the academic files that were download from Google Drive. The Python script is called and is available in the repository, here is a snippet:

Open Source or Closed Source?

The source code of diveProject is open-source and it can be found on this URL here: There is no guarantee the source code stays open and public but it is expected to stay open source at the moment.

How much time it took?

I started on this project at Southampton University during a class. According to GitHub, the course pages have been being edited for about 7-8 months ago, here is a snapshot below:

Drawing the red line...

Copyrighted files such as books and research papers were not uploaded nor included in this project. Other confidential or sensitive files (mostly belonging to other classmates) were not included either. 

Moving on...

More files will be uploaded from my studies at Oxford. Meanwhile, I'll be taking a small break from this project.


Wednesday, October 3, 2018

12 Things I loved about The University of Southampton

I have completed my MSc in Computer Science at the University of Southampton (from September 2017 until September 2018) and my experience has been really great, here are the things I loved the most about the university.

Free Uni-Link Buses

My accommodation at Wessex Lane Halls provided me with a free uni-link bus pass (blue card) which you can use any day during your studies. The buses are excellent and are connected to almost every place in the city (Airport, City Center, Halls, University Campuses, etc...). Often, there is a bus every 8 minutes and the timetable is posted on Google Maps, website and printed on the stop. The buses have wifi and USB chargers and very comfy. They have recently upgraded their buses with new low emission buses which is quite remarkable.

Accommodation Catering 

I have had excellent catering for 9 months, which allowed me to save money, lose weight and eat healthy food. Two meals were provided per day: Breakfast (7:30 am until 10:00 am) and Lunch (5:00 pm until 7:00 pm). I have had full English breakfast almost daily and enjoyed new British and non-British meals.

Internet Access 

The Internet Access was a great relief to me and allowed me to be immensely productive. You get connected to 'eduroam' network which will be available in all campus, university accommodation and sometimes across the city as well. As you'd expect, the Internet is very fast (somewhere around 200 mbps) and is not limited (as long as you don't abuse it).

Student Services Center  

The Student Services Center provides any type of support you need. You don't have to look for specific university offices in order to get the support you need. You can phone or email, and the support staff will guide or help you. It was very convenient and I have used that very often. They can answer 80 per cent of queries and can help with questions about accommodation, fees, finance, visas and ID cards. They can also process payments for tuition and accommodation fees.

The Beautiful Campus 

I have been into two campuses: Highfield Campus and Boldrewood Campus. Highfield has many innovative buildings, lively arts venues, and great sports and leisure facilities. It is a stunning place to work in a vibrant atmosphere. Highfield has a secret beautiful garden and facilities combined with tradition and modernity with spacious landscaped gardens.

Hartley Library 

This is the main library of the University of Southampton and I have spent a lot of time there! They have the library cafe which is very convenient to grab a quick snack, sandwich or coffee. They have numerous study rooms which could be booked and the usual resources any respectful library has.

My Supervisor 

Though I had issues with my original supervisor I have had the chance and honour to work later with Dr Reza Abdolbaghi who was my supervisor, mentor and programme leader and he supervised my thesis which was an industry project collaborated with Lloyd's Register. I have received excellent supervision, constant constructive feedback and met almost weekly with my supervisor.

Not Having Final Exams  

During my MSc, I have never undertaken any final exams because I had picked modules without final exams. This was incredible for me as I had the chance to focus on working on actual projects and coursework instead of having to cram slides and stress about having any final exams.

Not Strict About Attendance   

No module leader or instructor was strict or forced attendance. We were allowed not to show up, arrive late, or leave during the module. Although I personally showed up to all my lectures, I had no issues of missing classes when I had to attend my interview at Oxford or take some time off to work on my research proposal.

Marks Are Released on a fixed Date   

At the end of each term, we receive an email saying when we will get our grades (exact date and time), no hassle or delays in the release of the marks.  That means instructors or lecturers will have a specific time to release the marks. This allowed me to plan request of the transcript on a time to be able to send it to the universities I was applying to. 

Being part of ECS

Being an MSc Computer Science Student, I was part of the School of Electronics and Computer Science (ECS). ECS is regarded by the IET as having the "biggest and strongest department in the country in Electrical and Electronic Engineering." ECS was ranked 2nd in the UK in both Good University Guide published by the Times and the Complete University Guide published by the Independent. Computer Science was ranked 4th and 5th in the UK respectively.

The School is home to a number of notable staff including Sir Timothy Berners-Lee, inventor of the World Wide Web and Dame Wendy Hall, president of the Association for Computing Machinery, ex-president of the British Computer Society, and Co-Founding Director of the Web Science Research Initiative.

Sports and Wellbeing Center

The Sport and Wellbeing Center offers outstanding sports facilities and offers a comprehensive range of courses which offers watersports, swimming and fitness. The membership is not free though, which could be an issue for some. I have had exercised there and mostly swam during the summer.

Goodbye Southampton! It has been an honour being a student of the world-renowned School of Electronics and Computer Science, home of Sir Timothy Berners-Lee. You’ve given me the opportunity to connect with students and researchers from 20+ different countries and work with the smartest and brightest people. I had also the pleasure to collaborate with the talented innovation team from Lloyd’s Register during my thesis project. Thank you for making this unforgettable journey possible and I am proud to be an alumnus of the University of Southampton.