
Lean Startup, Successful Manager, Agile vs Waterfall, Cryptocat, Yahoo & Android password issue, Galois / Sophie Germain Counter Mode

posted Jun 17, 2012, 6:30 AM by Sami Lehtinen   [ updated Jul 23, 2016, 2:10 AM ]
Sorry, there's going to be pretty much stuff in this post. But I have just spent my time reading and reading, because my main WS is out of order right now. Also, it's a great choice for summer to spend it outside. In Finland our winter is cold and dark, so when it's not cold and dark, it's better to be outside. Today it is raining, so here I am posting some light stuff.
  • Finished reading The Lean Startup and Becoming a Successful Manager (second edition) books. It was good stuff. I actually have been asking for measurable metrics for everything, but this just made me much more sure about this thing.
    Another thing I personally have been fighting about over and over again is whether there should be one big waterfall, or several waterfalls following each other as a slow-turnover iterative model. Or should we use fully agile methods with very short iterations? I have found out that for many customers the idea of using agile methods is an absolute show stopper. But I think if they just had faith in their supplier, it would provide better results, and faster.
    Actually I have had just a few customers who valued this approach, and it required them to have very high trust in the project manager.
    In most cases it's just the old way, where the customer is asking how much THIS costs. And they're totally unable to provide any proper details about what THIS is. It's as if I could just go and ask how much a boat, a house, or a car costs.
    This comes to things from Successful Manager: when the scope of a project isn't properly defined, it's very hard to say how long getting it done will take and how much it will cost. As we all know, project stakeholders just love delays and budget overruns. NOT.
  • I have had hardware issues. The display adapter in my workstation stopped working reliably. I suspect CPU / memory failure, because it still does "work", it just shows pretty random stuff on screen. I have already ordered a new one, but it got me thinking whether I should upgrade my workstation to something more powerful or maybe purchase an ultrabook. So far I have been very happy with a desktop with two large high-resolution screens. I'm not exactly sure if I would get used to a laptop as my primary workstation. Hmm.
  • Cryptocat (crypto.cat) is an interesting web chat app with strong cryptography. This is something I like, because using strong crypto releases the service provider from content filtering requirements. We just pass this data, we don't know what it is, we can't provide you any info, and we can't do anything about it. I think it sounds like a pretty good thing. Just like cyber lockers (like megaupload) shouldn't allow anything other than encrypted content to be uploaded. In that case they could just claim that we don't have any knowledge of or sight into what is being delivered from our servers, and actually we just don't care about it.
  • Android & Yahoo Mail: how following best practices can lead to problems. If you think about each of these practices separately, they all sound great.
    1. Require user input to be validated.
    2. Block IP addresses hammering service with invalid authentication data.
    3. If transaction fails, retry automatically.

    Well, now that you have seen the list, you must have guessed where it leads.
    1. I change my password to a new one.
    2. The Android phone tries to check for new mail.
    3. It fails and retries quickly several times.
    4. Yahoo detects a password guessing attack / service hammering and bans my IP.
    5. Android doesn't allow me to set the new password in the email client, because it can't log in and validate that the password is correct.

    Isn't it just great? All the good things turn into something bad. Of course I was able to work around this, by disabling automatic mail polling before changing the password and then immediately updating it on the phone. But I'm pretty sure that many regular users might find themselves in trouble with this.

  • Studied Opera Software's SPDY protocol review.
  • Studied and refreshed my memory about CDN networks. Especially about Akamai, Level3 and LimeLight. Just for fun, I don't think I'm going to need this knowledge anytime soon. But it's good to have basic knowledge up to date.
  • Cryptography, as well as many other things, is hard. When you really start studying a topic, you'll just find out how little you know about it. I just found out that I hadn't ever heard about Galois Counter Mode, but now I have thoroughly studied it. It seems to be a nice way to get crypto & auth in the same package, and rather efficiently. And a newer alternative, Sophie Germain Counter Mode.
I think this might be enough for one post. Now a light snack, and I'll be posting more. P.S. This is only new stuff. I've got a much longer backlog on my malfunctioning desktop.
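
The Android & Yahoo Mail lock-out sequence described above, as an added simulation that is not part of the original post and is not Yahoo's or Android's actual logic. The ban threshold, retry counts, and all class and function names are assumptions; it contrasts a client that retries every failure with one that suspends polling as soon as the server rejects the stored credentials.

```python
# Added example: constructed simulation, not Yahoo's or Android's real logic.
from collections import defaultdict

BAN_THRESHOLD = 5  # assumed: failed logins from one IP before it is banned


class MailServer:
    """Hypothetical server applying practice 2: ban IPs hammering auth."""

    def __init__(self, password):
        self.password = password
        self.failures = defaultdict(int)
        self.banned = set()

    def login(self, ip, password):
        if ip in self.banned:
            return "banned"
        if password == self.password:
            self.failures[ip] = 0
            return "ok"
        self.failures[ip] += 1
        if self.failures[ip] >= BAN_THRESHOLD:
            self.banned.add(ip)
        return "auth_failed"


def poll(server, ip, stored_password, retries, stop_on_auth_failure):
    """One mail check. Practice 3 retries every failure; the safer client
    retries only transient errors and suspends polling on a rejection."""
    for attempt in range(1, retries + 1):
        result = server.login(ip, stored_password)
        if result == "ok":
            return "ok", attempt
        if result == "auth_failed" and stop_on_auth_failure:
            return "suspended", attempt  # wait for the user to re-enter it
    return result, retries


def scenario(stop_on_auth_failure, polls=3, retries=4):
    """Password is changed, the phone keeps polling with the old one, then the
    user enters the new one (practice 1 validates it by logging in)."""
    server = MailServer("old-secret")
    ip = "198.51.100.7"  # constructed documentation address
    server.password = "new-secret"  # step 1: password changed elsewhere
    for _ in range(polls):  # steps 2-3: background polls with stale password
        state, _ = poll(server, ip, "old-secret", retries, stop_on_auth_failure)
        if state == "suspended":
            break
    return server.login(ip, "new-secret")  # step 5: validate the new password
```

`scenario(False)` ends with the correct new password being refused because the IP is already banned, while `scenario(True)` records a single failed attempt and the new password validates.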