Gamification, MyData, Twitter, Docker, PyPy, Hidden Tor Server, Management, AI, Citizenfour

posted Jan 25, 2015, 3:40 AM by Sami Lehtinen   [ updated Jan 31, 2015, 8:47 PM ]
  • Read long article about benefits of Gamification
  • Developing mobile applications and utilizing mobile applications in business. Product Market Fit. Mobile is personal, always with you, real time, context aware, used when decisions are made, bi-directional, location aware, followed, social and connected with all the sensors. Simplicity is beautiful and beneficial. What features are expected from a great mobile application? How should the user be guided to use the product, so that separate instructions or a manual aren't needed? MyData, mHealth, mPayments, Application Lifecycle Management, Continuous Integration, Automatic Testing, Version Control, Communication, Issue Management, Documentation.
  • Checked out: Pgcli 
  • Security stuff, crypto, key exchange, DH, ECDH, PFS (FS), authentication, (client & server), asymmetric & symmetric ciphers, message authentication (MAC), system hardening, traffic analysis resistance, playback attacks, storing keys securely, logging, monitoring, configuration management.
  • Checked out SSD interface NVM Express
  • Something different: Hamina-class missile boat & Stealth Ship
  • Implementing just the functionality that was required meant a much simpler system, which led to higher availability and reliability. Any way to win is a good way to win. - Over-engineering adds complexity, which can easily make systems less robust.
  • Studied new datacenter networks and architectures, including MinuteSort, Flat Datacenter Storage, north-south and east-west traffic, and the Clos network topology.
  • How do 'new' CPU features affect code performance? Does it affect programmers?
  • Project management best practice steps: Initiative, Concept, Projection, Planning, Execution, Testing, Piloting, Production. At the very beginning it's important to validate the business case, and a bit later it's important to verify it.
  • Something different: MLRS Tornado and its load rockets
  • Excellent post: Why Remote Engineering Is So Difficult?
  • Started to use uBlock instead of AdBlock Plus. This reminded me of the fact that there currently isn't a Finnish adblock filter list. I think there's a need for one. Which led to a secondary question: what is the best line-based collaboration tool? Like Wikipedia or GitHub, but much simpler to use, yet allowing guest posts, moderators (accept & confirm guest posts) and collaborators / contributors who can update content directly, as well as efficient downloading of raw content and history features. If there isn't one, could there be a global need for such a tool among techies? I could write one easily. But I'm unfortunately already fully booked with my side projects, so I don't want to start something new unless it's a "sure hit".
  • Created my first realtime Twitter integration for one hobby project which still remains secret.
  • Played with Docker. Checked out what it takes to create, share, download and run custom Docker containers, how data separation is done, etc.
    So far I've used LXC for isolation, but it might be reasonable to use Docker. So if I rent a heavy-duty server for my systems, I would use Docker to run my systems and leave the host only as a hardened virtualization platform. Yet LXC has provided this portability, so I've been moving systems on and off servers easily into testing and staging environments, and so on. LXC also offered an easy way to limit resources, but Docker does it too. Actually Docker is using LXC anyway. - lxc-ls vs docker ps, cpu.shares
  • Had again long discussions about users who are so .... that it's practically impossible to get them to use proper passwords. The only solution so far is giving users a proper random password used as an "authentication token", which they naturally can't change. If they want, they can of course get a new authentication token, which isn't user-selectable. So far it has worked very well for securing systems.
  • Best way to learn Docker is to Try It.
  • Want to learn JavaScript and play a logic game at the same time? Try out Elevator Saga. This was an excellent game for one evening, figuring out how to optimize elevator action. Yet it still lacked one feature which is used by the most modern elevator systems. What's that? Well, it's the option to select the right people into the car. Now the problem is that when you arrive at a floor, you'll get a random set of floors which you have to visit (of course slightly narrowed down by the up and down button requests). But especially on the lowest floor, efficiency would go up drastically during high demand times if you could select that this elevator car should be filled only with people going to floors 11, 12, 13, 14. Then straight up and an efficient drop off, and during the trip down you could collect people going down or just to the lowest floor. The current version of the game doesn't allow this most efficient optimization trick. (15.1.2014) aka destination controlled elevators.
  • Want to learn Data Science and Python in your browser? Try out
  • Discussions about data privacy are getting interesting throughout the world, including Europe and Finland. Finland isn't currently doing mass Internet surveillance. But some are demanding that it should be done, others say it shouldn't. In the news there have been mentions that in Finland the police should also have access to all encryption keys and data. But these are hard things to balance out correctly, and in some cases technically infeasible or basically impossible. Should Finland be a privacy safe haven for data centers, or should this be the ultimate police state where we don't have any secrets at all? Good luck balancing that out.
  • Tried PyPy with some of my (20+) Python projects. Even if many say it's "fully compatible", well, it isn't. The first issue will be third-party binary libraries, which would all require recompiling and potential tuning for PyPy. If there's a project which absolutely needs PyPy due to performance reasons, great. It'll be worth it. But with projects which don't require PyPy there's no point in going through that trouble. Most of my projects run with standard CPython just fine on Windows and on Linux, yet using PyPy presented a problem.
    Based on this I posted this discussion into the LinkedIn Python group: "I've been looking at PyPy and other ways of making the Python runtime faster for a long time. Yet I'm using standard CPython all the time. Why? Even if it should be quite trivial to use PyPy, that's not the case. It's just like Python 2.X to 3.X: it's trivial, yet it might require quite an effort.
    I tested about 20 of my projects with PyPy and only two of those ran without modifications. Most of the projects hung on third-party binary libraries (Windows), which I don't have any intent to recompile to gain PyPy compatibility. The truth is also that in most cases CPython isn't the performance bottleneck with x86 computers; it's databases or communication, aka the I/O bound parts.
    Any opinions, views, experiences around here?"
  • Helped one person to build a layered hidden Tor service server solution. First all traffic is tunneled via Tor. Then it's tunneled from the Tor hidden service over SSH to the primary server. The primary server is connected to the internet over an anonymous 4G connection. All that the final server needs is power and a 4G network. Even at the final server, everything is isolated using virtualization. So it should be quite hard to find the actual server. The server location has nothing to do with the person administering it, so any traditional looking for connections won't work. It's also in an area which has enough client density, so it's not trivial to look for it based on base station / sector information. It should be obvious that if the Tor relay gets raided, it's an immediate hint simply to shut down the server and connections remotely. Everything on the server itself is encrypted, so if the system is powered down, it's completely worthless. All networking hops are also configured so that even if they gain full root access to the relay or the actual virtual host serving the final hidden service, it won't help them. The only way in and out is via Tor. No, I don't know its hidden service address, nor do I know the SIM card, phone number, location or even the operator, and I certainly don't have access to it after making the preliminary configuration and testing that everything works. I really don't know what the server will be used for, if anything at all. All I said is to drop it somewhere populated where it can get powered up without the "hosting location" knowing anything about it at all, if possible. Actually this makes hosting some ug services quite interesting, because those can be basically anywhere where there is a mobile network and power available. After the initial drop off, it's possible not to visit the site ever again. Hardware is cheap and it will be eventually discovered, but at that point it's totally useless anyway.
There are often many places where you can enter without authorization, gain access to power and hide a small server.
  • Managing projects & companies using information. Well, the world is full of information, actually way too full. It's really important to utilize the right analytic methods to trim the amount of data down into meaningful information. Many smaller companies operate on a feeling basis, without any actual data to show direction for their decision making. Another really important factor is the quality of data. I've seen it so many times: garbage in, garbage out. After this comes the measuring; everything needs to be measured so we know how the changes we made affect things.
  • Had interesting meeting with a private cloud service provider. It seems that in some cases Microsoft licensing terms could make private cloud cheaper than public cloud. Otherwise it's hard to see how private cloud could provide benefits over public cloud with quite generic computing tasks.
  • About passwords and authentication. Isn't one authentication token enough? It's much safer than a username and password, especially if the user can freely select those and ruin the entropy in the password.
    Here's one of the authentication tokens generated by my app: fwhBza5CJOhIU_F1. Yes, it's just like most of the API keys you're going to see. You can't change it. You have to deal with it. Of course login information is saved, so you don't need to enter it unless you need to get in from a new device. For most users that seems to be fine. You can get a new token using email recovery if required. (This is due to the fact that the service isn't "high security".) If it were a more secure service, getting a new token could require identification using the official national online identification scheme (mobile or paper based OTP list), which is very reliable; all banks and official authorities use it too.
  • What's the best hard drive, by BackBlaze. Did I mention measuring this earlier? I guess I did. Here's a great example of what kind of results you can get if you just measure things. Without measuring, engineers would just say "I think these drives are bad." But how bad? Here are the facts.
  • The road to superintelligence (AI Revolution) - It's very interesting to see when the future will be actually here.
  • Docker is excellent addition to my LXC / VirtualBox solutions. I think I'll use it quite often in future. I might even convert some of my LXC setups to Docker. But right now I don't see any reason to do so.
  • Watched Citizenfour.
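
The two items above about replacing user-chosen passwords with a random authentication token describe issuing, using and replacing such a token; the following is an added example of that scheme, not code from the author's app. `TokenStore`, `issue`, `authenticate` and `entropy_bits` are hypothetical names, the 12-byte length is an assumption chosen to match the 16-character token quoted above, and storing only a SHA-256 digest of the token is a design choice of this example.

```python
import hashlib
import math
import secrets
from typing import Optional

TOKEN_BYTES = 12  # assumption: 12 random bytes encode to 16 URL-safe characters


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


class TokenStore:
    """Hypothetical in-memory store that keeps SHA-256 digests, never tokens."""

    def __init__(self) -> None:
        self._user_by_digest = {}
        self._digest_by_user = {}

    @staticmethod
    def _digest(token: str) -> bytes:
        # A fast hash suffices: the token is uniformly random, so there is no
        # dictionary to try against a leaked digest, unlike a chosen password.
        return hashlib.sha256(token.encode("utf-8")).digest()

    def issue(self, user: str) -> str:
        """Create or rotate the user's token; the plaintext is returned once."""
        old = self._digest_by_user.pop(user, None)
        if old is not None:
            del self._user_by_digest[old]  # the previous token stops working
        token = secrets.token_urlsafe(TOKEN_BYTES)
        digest = self._digest(token)
        self._user_by_digest[digest] = user
        self._digest_by_user[user] = digest
        return token

    def authenticate(self, token: str) -> Optional[str]:
        """Return the user the token belongs to, or None if it is unknown."""
        return self._user_by_digest.get(self._digest(token))


if __name__ == "__main__":
    store = TokenStore()
    first = store.issue("alice")  # constructed user name
    print(len(first), entropy_bits(len(first), 64), store.authenticate(first))
    store.issue("alice")  # rotation, e.g. after an email recovery
    print(store.authenticate(first))  # None: the old token is revoked
```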