posted Jan 19, 2014, 1:24 AM by Sami Lehtinen
updated Jan 18, 2015, 11:11 AM
- Do everything you can not to attach your self-esteem to your startup (you’ll fail, but try anyway).
- Work in such a way that when the dust settles you can be proud of the choices you’ve made, regardless of the outcome.
- Here is one example of an ironic piece of waste: Sam Leffler's
graphics/libtiff is one of the 122 packages on the road to www/firefox,
yet the resulting Firefox browser does not render TIFF images. For
reasons I have not tried to uncover, 10 of the 122 packages need Perl
and seven need Python; one of them, devel/glib20, needs both languages
for reasons I cannot even imagine.
- Unixen—something that would take just a single flag to the ld(1)
command—the Peter Principle was applied and made it libtool's job
instead. The Peter Principle is indeed strong in this case—the source
code for devel/libtool weighs in at 414,740 lines. Half that line count
is test cases, which in principle is commendable, but in practice it is
just the Peter Principle at work: the tests elaborately explore the
functionality of the complex solution for a problem that should not
exist in the first place. Even more maddening is that 31,085 of those
lines are in a single unreadably ugly shell script called configure. The
idea is that the configure script performs approximately 200 automated
tests, so that the user is not burdened with configuring libtool
- This paper explores Tor’s vulnerability to traffic correlation attack
- Onion routing is vulnerable to an adversary who can monitor a user’s traffic as it enters and leaves the anonymity network
- Work by Murdoch and Danezis shows that traffic correlation attacks can be done quite efficiently against Tor.
HTML5 vs Native
- If you have a unique service, e.g. a specialized enterprise app, HTML5
could be ideal, a convenient way to build quickly and portably. But if
you want your user experience to really excel, native is still king –
MongoDB (Kristina Chodorow)
- “MongoDB: The Definitive Guide by Kristina Chodorow and Michael Dirolf
(O’Reilly). Copyright 2010 Kristina Chodorow and Michael Dirolf,
978-1-449-38156-1.” - Whole book read, not many highlights because it's hard to find those things that especially should stand out from this kind of large documentation. Generally indexing, cursors, queries, arrays, collections, backups, dumping and restoring, sharding, error handling, autosharding, shard keys, schema, object mapping, etc.
- named blog.posts and a separate collection named blog.authors. This is
for organizational purposes only—there is no relationship between the
blog collection (it doesn’t even have to exist) and its “children.”
- "Internet Engineering Task Force (IETF) Phillip Hallam-Baker
Internet-Draft Comodo Group Inc. Intended Status: Standards Track
September 11, 2013 Expires: March 15, 2014 PRISM-Proof Security"
- Second there is currently no infrastructure for determining that an SMTP
service offers STARTTLS support or to validate the credentials
presented by the remote server.
- At present Internet communications are typically sent in the clear
unless there is a particular confidentiality concern in which case
techniques that resist active attack are employed. A better approach
would be to always use encryption that resists passive attack,
recognizing that some applications also require resistance to active
The Phantom Protocol
- "The Phantom Protocol Version: 0.82 2011-05-24 1(68) White Paper:"
- After all, this might not happen at all (especially judging from the
(un)success rate of various attackers trying to disrupt miscellaneous
controversial distributed networks on the Internet to this date).
- Theoretically Secure Anonymization
- Known Weaknesses: In this section, some of the known weaknesses and
avenues of attacking the protocol will be presented and summarized.
Remote (Jason Fried)
- If you ask people where they go when they really need to get work done,
very few will respond “the office.” If they do say the office, they’ll
include a qualifier such as “super early in the morning before anyone
gets in” or “I stay late at night after everyone’s left” or “I sneak in
on the weekend.”
- Don’t believe us? Ask around. Or ask yourself: Where do you go when you
really have to get work done? Your answer won’t be “the office in the
- Is that overpriced apartment, the motorized sardine box, and your
cubicle really worth it still? Increasingly, we believe that for many
people the answer will be no.
- Every day this kind of remote work works, and no one considers it
risky, reckless, or irresponsible. So why do so many of these same
companies that trust “outsiders” to do their critical work have such a
hard time trusting “insiders” to work from home?
- A stuffed backlog is a stale backlog.
- That’s just it—if you can’t let your employees work from home out of
fear they’ll slack off without your supervision, you’re a babysitter,
not a manager.
- In talking to a project manager without tech chops, programmers can
make a thirty-minute job sound like a week-long polar expedition,
- If you treat remote workers like second-class citizens, you’re all going to have a bad time.
- There’s also the annoyance of having every debate end with “John and I
talked about this in the office yesterday and decided that your idea
isn’t going to work.” F**k that.
- When New York City’s subway system was plagued by crime and vandalism in
the 1990s, New York’s Police Commissioner William Bratton forced his
commanders to use the subway. When they saw with their own eyes how bad
things were, change soon followed.
- If the company is full of people whom nobody trusts to make decisions
without layers of managerial review, then the company is full of the
- The fact is, it’s easy to turn work into your predominant hobby.
- The only reliable way to muster motivation is by encouraging people to work on the stuff they like and care about,
Software Defined Perimeter
- "CLOUD SECURITY ALLIANCE Software Defined Perimeter, December 2013"
- SDP mitigates the most common network-based attacks, including: server scanning, denial of service, SQL injection, OS & application vulnerability exploits, password cracking, man-in-the-middle, cross-site scripting (XSS), cross-site request forgery (CSRF), pass-the-hash, pass-the-ticket, and many others (see NIST, SANS, and more).
Those are all the highlights from my Kindle so far. But I'm sure there will be more. I'm now using 1-2 hours daily to read more stuff.