R.A. Ray is a website designer and developer living and working in Plano, TX. (Site still under development.)

NCAAF - 16 Team Conference Scheduling

November 29th, 2012

Here’s an idea for a conference schedule structure that would definitively produce a conference champion to compete in a national playoff with other conference champions.

First, organize the conference into four four-team divisions. These could change on a rotating basis or be permanent. For argument’s sake let’s say VaTech and NCState have been added to the SEC and the divisions are permanent and based on geography.

Every team starts the season with two OOC game. These are mostly moot and only serve as tunes-up. Next, each team plays the other teams in their division twice - once at home and once on the road. At this point everyone has played eight games and has a bye week to allow for any games that need to be made up. We also now have divisional rankings:


  1. TAMC
  2. LSU
  3. Arkansas
  4. Mizzou


  1. Bama
  2. Ole Miss
  3. MSU
  4. Auburn


  1. Vandy
  2. UK
  3. UT
  4. NCState


  1. Florida
  2. Georgia
  3. USC
  4. VaTech

The final four games of the season are played in a tournament that will determine a 1-16 rank of the teams in the conference. The teams are seeded in such a way that divisional 1s play 4s and 2s play 3s. Also, no teams from the same division will be in the same 4-team group.

The groups will play out over two weeks resulting in 4 two-win teams, 8 one-win teams, and 4 two-loss teams. Bye/make-up week #2.

For the final two weeks the teams are reseeded into four groups again. The 4 two-win teams will play for spots 1-4. Four of the one-win teams will play for spots 5-8 and the other for 9-12. The two-loss teams will play for spots 13-16. So, it might look like this:

Week 1

  • TAMC - VaTech
  • Ole Miss - UT
  • Bama - NCState
  • LSU - USC
  • Vandy - Mizzou
  • MSU – Georgia
  • Florida – Auburn
  • Arkansas – UK

Week 2

  • TAMC (1-0) – Ole Miss (1-0)
  • VaTech (0-1) - UT (0-1)
  • Bama (1-0) – LSU (1-0)
  • NCState (0-1) – USC (0-1)
  • Vandy (1-0) – Georgia (1-0)
  • Mizzou (0-1) – MSU (0-1)
  • Florida (1-0) – Arkansas (1-0)
  • Auburn (0-1) - UK (0-1)

Week 3

  • TAMC (2-0) - Georgia (2-0)
  • Florida (2-0) - LSU (2-0)
  • Bama (1-1) - VaTech (1-1)
  • Ole Miss (1-1) - USC (1-1)
  • MSU (1-1) - Arkansas (1-1)
  • Vandy (1-1) - UK (1-1)
  • UT (0-2) - Mizzou (0-2)
  • NCState (0-2) - Auburn (0-2)

Week 4

  • TAMC (3-0) - Florida (3-0)
  • Georgia (2-1) - LSU (2-1)
  • Bama (2-1) - USC (2-1)
  • Ole Miss (1-2) - VaTech (1-2)
  • MSU (2-1) - Vandy (2-1)
  • Arkansas (1-2) - UK (1-2)
  • Mizzou (1-2) - NCState (1-2)
  • UT (0-3) - Auburn (0-3)

Final Rank

  1. TAMC (4-0)
  2. Florida (3-1)
  3. LSU (3-1)
  4. Georgia (2-2)
  5. Bama (3-1)
  6. USC (2-2)
  7. Old Miss (2-2)
  8. VaTech (1-3)
  9. MSU (2-2)
  10. Vandy (2-2)
  11. Arkansas (2-2)
  12. UK (1-3)
  13. NCState (2-2)
  14. Mizzou (1-3)
  15. UT (1-3)
  16. Auburn (0-4)

There are some obvious problems with this, both logistical (possibility of playing a team three times, week-by-week scheduling) and political (trying to even out home/away games). But, it was a fun exercise, and yes I have A&M winning the conference because of course I do.

Accuracy Authentication

August 21st, 2012

I had a crazy idea today for a two-factor authentication system that would be more user friendly that anything I’ve experienced so far. Not being a security expert, I figured it was worth putting up for the scrutiny of folks with bigger brains.

The Problem

Two-factor authentication is a Good Thing™. The idea is that in addition to a password (which could potentially be acquired by brute force or social engineering), a system also requires a second piece of user input to access an account. Access to this input is set up to be difficult or impossible for anyone other than the true account holder.

The problem is that every system I’ve used is either too easy to break (TD Ameritrade uses “security questions” that are researchable) or a pain to use (Google uses short number codes that get texted to your phone).

XKCD brought to our collective attention that long, real word phrases like, “monkey keyboards meteor cloud”, would tend to be more secure for passwords than strings of random characters. For me at least, phrases like that are only slightly more memorable than random text. I prefer full sentences, which is what Passpack encourages for its second authentication factor which seems to work pretty well, but introduces a UX problem: accuracy.

Say I’m trying to type a 50+ character sentence into a password input. I can’t see what I’m typing and the possibility of typos is massive. If the system requires 100% accuracy, as does Passpack, then users are being set up for a very frustrating experience. Getting it wrong, repeatedly, leads to anger which makes inaccuracy even more likely.

A Potential Solution

So why make a user get it exactly right every time? Wouldn’t 95% accuracy on a 50+ character phrase be enough? My thought is this: Use a password and a pass phrase together for log-in but don’t require 100% accuracy on the phrase.

Stored on the server would be the password hash (and salt or whatever) and an encrypted phrase. The plain text of the password is used as the encryption key for the phrase. Once you validate the password against the hash, you then use it to decode the stored phrase and then you compare that against the entered phrase using similar_text() or similar. If the entered phrase is 95% accurate or higher, the authentication passes. This allows for the honest typo but still necessitates knowledge of the phrase.

Here’s a quick, ugly POC: http://dev.robertadamray.com/accuracy-auth


I’m honestly curious to know if this is a good idea or if it would fail in a way obvious to a security expert. Let me know what you think on Twitter: @raray.



October 28th, 2011