posted May 23, 2015, 11:00 PM by Sami Lehtinen   [ updated May 24, 2015, 12:34 AM ]
  • Checked out AgileZen - Yet another Kanban style project management software, with configurable tabs etc.
  • Had some (not so) fun maintaining age-old, randomly coded and 'grown' ASP projects which haven't been properly refactored. - Sigh. Well, I got the job done. I was just going mad with the absolutely inconsistent use of white space again. TABs, spaces, random indentation and so on. But I guess that's the "normal way" of source code managed by multiple persons. More fun! It seems that some of the emails the system sends are using templates stored in the database, some of the messages are hard coded in the source and some are in individual files. Actually after seeing the template code, I could write messages which cause the system to totally fail during template processing, because the code uses replace [FieldName] with field value. It's nice to read random code. Also SQL injections as well as XSS seem to be working well. All the classic fails.
  • Also had some fun with an age-old MS SQL related project which uses ADO.
  • Studied Monotone Span Program (or MSP), which belongs to Secret Sharing Schemes.
  • Had long discussions about how to utilize DHT for the most efficient data distribution using a Merkle Tree and inode-like chaining of blocks until the final payload blocks have been located.
  • Spent several days in continuous integration planning meetings.
  • More or less interesting discussions with Cloud service providers. What kind of payment methods do they support, do they provide a monthly invoice, does money / service need to be prepaid? Does every service renewal produce an invoice which needs to be processed by accounting? If you pre-pay something, do they require credit card information to allow automatic service renewal, why can't automatic service renewals be paid from the prepaid account and so on. Tons of questions. If I were their product manager, I would fix these issues more or less immediately. When you pay something, you get an invoice, then you get a payment confirmation, and finally an invoice which is paid, which could be said to be a receipt. This invoice contains the VAT information. This is ok-ish if you're managing a few servers, but if you've got hundreds or more servers to manage, this causes a significant administrative burden. Some service providers issue a separate invoice for each server every month. That's not a great way to deal with it either.
  • I'm also wondering why the service provider assigns a DNS name to every server. No, that's not a problem. It's a nice thing. But they only configure an A record (IPv4) for it, even if the server naturally has IPv6 too. Why don't they automatically assign an AAAA (IPv6) record for the server name at the same time? They also set a reverse PTR DNS record for IPv4, but for IPv6 you need to manually add it. Or of course you can use the API for this. Yet, you can't add an IPv6 PTR record without an AAAA record and therefore you have to have a separate domain for servers (again cheap, but still annoying). All this because they just won't assign the IPv6 address directly to the server's DNS. It would be so nice to get AAAA and PTR automatically assigned without additional work.
    Their key account manager said that they're looking into these issues. But I wonder if they're really interested. Even if some of those problems are pretty silly.
  • Checked out SIIT translator (CLAT) and related Android CLAT - aka 464XLAT RFC 6877 and related NAT64, TAYGA
  • 5 of 5 stars IPv6 test
  • Found multiple bugs after late quick changes with LclBd project. I'll be fixing those on my summer vacation. It's great, because I'll get a week's job done in a day during rainy days.
  • Found interesting screen update bugs in the Notepad++ project. I keep wondering how broken ALL software can be.
  • How Google smears out leap seconds
  • When doing prototypes I usually start with the hardest part which I might be worried if I can get it to work. Because when that's done, rest of the project is just "the usual boring work" and all the challenge was related to the key part which was being tested first.
  • Some popular torrent downloads are clearly being disturbed using Sybil attacks and fake peers, as well as really slow peers delivering intentionally corrupted data. Yes, all the good old known ways to disturb DHT and inject fake peers which clients try to connect to. As well as corrupting downloads by delivering corrupted data, which causes the hash check to fail, makes the user feel that the download is slow, and causes the block to be re-downloaded (hopefully from some other peer, which doesn't deliver a corrupted version).
  • Reminded myself about BlueJay - The Law enforcement crime scanner
  • Tested ImDisk with Windows 2012 R2 server to create a large ramdisk for an old application which utilizes disk a lot and doesn't use RAM / disk cache properly (due to commits / flushes). Tasks which can be run safely as batch in RAM now work beautifully and really quickly. Much faster than with SSD. I've personally always disliked the way Windows flushes files to disk when the file handle is closed. It makes many tasks much slower on Windows than when running 100% similar code on Linux. If I want to fsync, I can call it. If I choose to leave data to be flushed to disk by the OS later, whenever that is, then I just don't call fsync and deal with it.
  • Watched a few episodes of CSI Cyber in background just listening. It's quite entertaining... But just because it's so incredibly bad.
  • Internet of Things aka Internet of Targets will be absolute security nightmare, for sure. There's no way to avoid that as far as I know or can see right now. We've already seen this happening with WiFi networks and Wireless cameras and webcams. So it shouldn't be a surprise to anyone. Many clueless people will almost completely lose their privacy. Smarthome controlled and watched, monitored, used as relay to attack others by anyone anywhere. That's the future.
  • Something different? Boeing X-37B, AEHF
  • I'm wondering when uWSGI and Apache will get HTTP/2 support. It would be a nice feature now that it's standardized. The current mod_spdy implementation is not the same as HTTP/2, and it's not being developed anymore. (see mod_h2)
  • Quickly checked out SIMON cipher and Speck cipher which are pretty simple and based on Feistel cipher, both are fast and pretty simple ciphers to implement.
  • Checked out Python HTML5Lib
  • When I studied the background of Reliable UDP, it was clear that RUDP was designed to be a 'less effective and lighter' networking implementation than TCP. So in general it will perform worse than TCP. Many people saying that TCP sucks either don't understand TCP or have used huge amounts of time to fine tune their own UDP implementations. Like the stuff mentioned below with RFC 7323. It's not a simple or easy task at all.
  • I really love DRY. Now when people ask my opinions I can often just quote from my G+ posts or from my blog. No need to re-explain stuff. I just wish that instead of using email, phone or IM people would update Wiki articles and so on. If there are questions related to some topics, just update the documentation. Do not individually answer the person who asked for more information, just refer to the updated documentation. If you start answering people individually, it will be a bad choice and a never-ending task, and the documentation is still going to suck in the future, not answering the FAQ questions.
  • Read RFC 7323 - TCP Extensions for High Performance - WS, TS, PAWS, RTTM, replaces RFC 1323, Window Scale, Timestamps, round-trip time measurement, protection against wrapped sequences, header prediction, IP fragmentation, duplicates, security, privacy.
  • Future of website optimization? (See: My quick thought dump about HTTP/2 specification) It's going to be even more complex stuff than so far. What are you going to push to clients, in what specific order and how do different browsers, JavaScript libraries and HTTP/2 implementations handle that and so on. If you've been doing website optimization, you know it's already infinitely complex and this is just going to add one more layer to it. How many streams should you use, what's the optimum window size? Don't you know? How are your streams dependent on each other, how are those prioritized? Did you know that you can send a response before even receiving a request? You don't need to tell the client to request something, you can just push it. Do you separate static cookies from volatile cookies into separate header fields? Doing so could improve compression. Did you know that data which you push_promise must be cacheable and safe, otherwise it's a protocol error? Also the client can refuse your push attempts, even if it would be allowed by the connection settings agreed with the client.
    It's really worth checking out and thinking about deeply. Or is it just so that it's way too complex for most site administrators and they'll choose to use something like PageSpeed or Rocket Loader?
    Simply put, the webserver needs to know about your site a lot. It's just like optimizing CSS, JS and loading of other resources and executing those efficiently without blocking DOM parsing etc.
  • Also checked out hyper (HTTP/2, h2) client for Python and mod_h2, which is an HTTP/2 module for Apache2. I also tested both of these quickly and both seem to be doing their job well. The Python library was really easy to use and configuring the Apache HTTP/2 module didn't take too long, because I already had a 'perfect' HTTPS/SSL/TLS configuration on my server and I had earlier used SPDY with it.
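
The ASP item above mentions mail templates filled in by replacing [FieldName] with the field value. The following is an added example, not code from that project: it shows how sequential replacement rescans inserted values, next to a single-pass renderer that escapes values and rejects unknown fields. The template text, field names and values are constructed for illustration.

```python
import html
import re

# Constructed sample data; field names are hypothetical, not from the system described.
TEMPLATE = "Hello [Name], your order [OrderId] was sent to [Email]."
FIELDS = {
    "Name": "Alice [Email]",  # user-supplied value that itself contains a placeholder
    "OrderId": "1001",
    "Email": "<b>alice@example.test</b>",  # markup in a field value
}

PLACEHOLDER = re.compile(r"\[([A-Za-z0-9_]+)\]")


def render_naive(template, fields):
    """Sequential replace: every pass rescans text inserted by earlier passes,
    so a field value can carry placeholders (and raw markup) into the output."""
    out = template
    for name, value in fields.items():
        out = out.replace("[" + name + "]", value)
    return out


def render_single_pass(template, fields):
    """Scan the template once. Substituted values are never rescanned, are
    HTML-escaped, and an unknown placeholder raises instead of passing through."""
    def substitute(match):
        name = match.group(1)
        if name not in fields:
            raise KeyError("unknown template field: " + name)
        return html.escape(str(fields[name]))

    return PLACEHOLDER.sub(substitute, template)


if __name__ == "__main__":
    print(render_naive(TEMPLATE, FIELDS))
    print(render_single_pass(TEMPLATE, FIELDS))
```

In the naive output the name field expands into the e-mail value and the markup arrives unescaped; the single-pass output leaves the literal text "[Email]" inside the name and escapes the markup.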