posted Jan 25, 2015, 3:40 AM by Sami Lehtinen
updated Jan 31, 2015, 8:47 PM
- Read long article about benefits of Gamification.
- Developing mobile applications and utilizing mobile applications in business. Product Market Fit. Mobile is personal, always with you, real time, context aware, used when decisions are made, bi-directional, location aware, followed, social and connected with all the sensors. Simplicity is beautiful and beneficial. What are the features expected from great mobile application. How user should be guided to use the product, so separate instructions or manual isn't needed.MyData, mHealth, mPayments, Application Lifecycle Management, Continuous Integration, Automatic Testing, Version Control, Communication, Issue Management, Documentation.
- Checked out: Pgcli
- Security stuff, crypto, key exchange, DH, ECDH, PFS (FS), authentication, (client & server), asymmetric & symmetric ciphers, message authentication (MAC), system hardening, traffic analysis resistance, playback attacks, storing keys securely, logging, monitoring, configuration management.
- Checked out SSD interface NVM Express.
- GPGPU, CUDA, OpenCL
- Something different: Hamina-class missile boat & Stealth Ship
- By implementing just the functionality that was required
meant a much simpler system which lead to higher availability and reliability. Any way
to win is a good way to win. - Over engineering adds complexity which can easily make systems less robust.
- Studied New Datacenter networks and architectures including MinuteSort and flat datacenter storage and north-south, east-west traffic, a CLOS network topology.
- How do 'new' CPU features affect code performance? Does it affect programmers?
- Project management best practice steps: Initiative, Concept, Projection, Planning, Execution, Testing, Piloting, Production. At the very beginning it's important to validate business case, and bit later it's important to verify it.
- Something different: MLRS Tornado and it's load rockets
- Excellent post: Why Remote Engineering Is So Difficult?
- Started to use uBlock instead of AdBlock Plus. This reminded me about the fact that there aren't currently Finnish adblock filter list. I think there's need for such. Which lead to secondary question. What is the best line based collaboration tool? Like Wikipedia or Github, but much simpler to use, yet allowing guest posts, moderators (accept & confirm guest posts) and collaborators / contributors which can update content directly. As well as allows efficient downloading of raw content and history features. If there isn't such? Could there be global need for such in group of techies? I could write one easily. But I'm unfortunately already fully booked with my side projects so I don't want to start something new, unless it's a "sure hit".
- Created my first realtime Twitter integration for one hobby project which still remains secret.
with Docker. Checked out what it takes to create, share, download and
run custom Docker containers. How data separation is done etc.
I've used LXC for isolation, but it might be reasonable to use Docker.
So if I rent heavy duty server for my systems, I would use Docker to run
my systems and leave the host only as hardened virtualization platform.
Yet LXC has provided this portability so I've been moving systems on
and off servers easily into testing and staging environments, and so on.
LXC also offered easy way to limit resources, but docker does it too.
Actually Docker is using LXC anyway. - lxc-ls vs docker ps, cpu.shares
- Had again long discussions about users which are so .... that it's practically impossible
to get them to use proper passwords. Only solution so far, is giving
users proper random password used as "authentication token", which they naturally can't change.If they want they can of course get new authentication token, which isn't user selectable. It has worked securing systems so far very well.
- Best way to learn Docker is to Try It.
- Want to learn Data Science and Python in your browser? Try out DataQuest.io.
- Discussions about data privacy are getting interesting throughout the World, including Europe and Finland. Finland it's currently doing mass Internet surveillance. But some are demanding that it should be done, others say it shouldn't. In the news there has been mentions that in Finland police should also have access to all encryption keys and data. But these are hard things to balance out correctly and in some cases technically infeasible or basically impossible. Shoud Finland be privacy safe haven for data centers or should this be the ultimate police state where we don't have any secrets at all? Good luck balancing that out.
- Tried PyPy with some of my (20+) Python projects. Even if many say it's "fully compatible", well it isn't. First issue will be third party binary libraries which all would require recompiling and potential tuning for PyPy. If there's a project which absolutely needs PyPy due to performance reasons, great. It'll be worth of it. But with projects which don't require PyPy there's no point of going through that trouble. Most of my projects run with standard CPython just fine on Windows and on Linux, yet using PyPy presented a problem.
Based on this I posted this discussion into LinkedIn Python group: "I've been looking for PyPy and other ways of making Python runtime faster for a long time. Yet I'm using standard CPython all the time. Why? Even if it should be quite trivial to use PyPy, that's not the case. It's just like Python 2.X to 3.X it's trivial, yet it might require quite an effort.
I tested about 20 of my projects with PyPy and only two of those did run without modifications. Most of projects hanged on thirdparty binary libraries (Windows). Which I don't have any intent to recompile to gain PyPy compability. As well as truth is that in most of cases the CPython isn't the performance bottleneck with x86 computers, it's databases or communication aka I/O bound parts.
Any opinions, views, experiences around here?"
- Helped one person to build layered hidden Tor service server solution. First all traffic is
tunneled via Tor. Then it's tunneled from the Tor hidden service over
SSH to the primary server. Primary server is connected to the internet
over anonymous 4G connection. All that the final server needs is power
and 4G network. Even at the final server, everything is isolated using
virtualization. So it should be quite hard to find the actual server.
The server location has nothing to do with the person administering it,
so any traditional looking for connections won't work. It's also in an
area, which got enough client density, so it's not trivial to look for
it based on base station / sector information. It should be obvious that
if the Tor relay gets raided, it's immediate hint simply to shut down
the server and connections remotely. Everything on the server itself is
encrypted, so if the system is powered down, it's completely worthless.
All networking hops are also configured so that even if they gain full
root access to the relay or the actual virtual host serving the final
hidden service, it won't help them. The only way in and out is via Tor. No I don't know it's hidden service address, nor I know the SIM card, phone number, location or even the operator, I don't certainly have access to it after making preliminary configuration and testing that everything works. I really don't know what the server will be used for, if anything at all. All I said is that drop it somewhere populated where it can get powered up without the "hosting location" knowing anything about it at all if possible. Actually this makes hosting some ug services quite interesting, because those can be basically anywhere where there is mobile network and power available. After initial drop off, it's possible not to visit the site never again. Hardware is cheap and it will be eventually discovered, but at that point it's totally useless anyway. There are often many places where you can enter without authorization, gain access to power and hide a small server.
- Managing projects & companies using information. Well, world is full of information, actually way too full. It's really important to utilize right analytic methods to trim the amount of data down into meaningful information. Many smaller companies operate on feeling base, without any actual data to show direction for their decision making. Another really important factor is quality of data. I've seen it so many times, garbage in, garbage out. After this comes the measuring, everything needs to be measured so we know how the changes we made affect things.
- Had interesting meeting with a private cloud service provider. It seems
that in some cases Microsoft licensing terms could make private cloud
cheaper than public cloud. Otherwise it's hard to see how private cloud
could provide benefits over public cloud with quite generic computing
- About passwords and authentication. Isn't one authentication token enough? It's much safer than username and password, especially if user can freely select those and ruin the entropy in password.
Here's one of the authentication tokens generated by my app:
fwhBza5CJOhIU_F1. Yes, it's just like most of API keys you're going to see. You can't change it. You have
to deal with it. Of course login information is saved, so you don't need
to enter it unless you need to get in from new device. For most of users
that seems to be fine. You can get new token using email recover if
required. (This is due to the fact that service isn't "high security")
if it would be more secure service, getting new token could require
identification using official national online identification scheme
(mobile or paper based OTP list). Which is very reliable, all banks and
official authorities use it too.
- What's the best hard drive by BackBlaze. Did I mention measuring this earlier? I guess I did. Here's great example what kind of results you can get if you just measure things. Without measuring, engineers would just say I think these drives are bad. But how bad? Here's the facts.
- The road to superintelligence (AI Revolution) - It's very interesting to see when the future will be actually here.
- Docker is excellent addition to my LXC / VirtualBox solutions. I think I'll use it quite often in future. I might even convert some of my LXC setups to Docker. But right now I don't see any reason to do so.
- Watched Citizenfour.