Summer stuff: many books, studying: privacy & security & webapp development related stuff
Post date: Aug 12, 2012 6:37:13 PM
Phew, here's some more stuff I have done. I'm sure I forgot many things... I should blog weekly in future, to avoid these huge blobs. Items in this post aren't in any particular order, it's a plain backlog dump.
- Checked out Cappuccino. I think it's suitable for people writing HTML5 apps, with iOS / Objective-C background. I found it to be quite complex even for simple apps. I would prefer something like pyjs due to my Python background.
- Finished reading: JS in ten minutes. Some parts were a bit too deep JS stuff for me. I would prefer to think about these problems on a higher level. But generally I liked the concept.
- Studied: RFC 5054 - Using the Secure Remote Password (SRP) Protocol for TLS Authentication.
- Listened: OWASP netcast 84, DDoS Mitigation.
- Studied: Ebook WLAN Security (CSD) - Maintaining a secure wireless network and associated devices. Performing security audits to monitoring and tracking wireless and handheld devices and wireless technology for new threats and vulnerabilities.
- New book added to Kindle: The Principles of Product Development Flow: Second Generation Lean Product Development
- Studied: Everything you ever wanted to know about building a secure password reset feature - Glad that they also mentioned why pure email reset is a super bad idea: "Whoever has access to your email now has access to any account that can be reset purely by receiving an email." - I personally do have a perfect solution for password recovery questions, but I'm not going to tell it due to security reasons.
- Studied: elliptic curve cryptography (ECC), difference between gnupg and gnupg2, DSA / RSA keys. It seems that DSA keys aren't recommended to be used anymore. Well, gnupg2 version 2.1.0 should have support for ECC encryption. It should be much better than RSA. Shorter keys and faster and more secure public key (PK) encryption.
- Studied: Autonomous Underwater Vehicles (AUV). And of course, naturally, tons of Curiosity rover stuff, space probe signal encoding, error correction etc, deep-space telecommunication. Encountered old stuff that I already knew, like Radioisotope Thermoelectric Generator (RTG), Inertial Measurement Unit (IMU), Reed-Solomon error correction, Bayer Filter etc.
- Studied: "OAuth 3.0" and Hashcash, Parallel Computing - Which reminded me about my Java studies back in 1996... Volatile variables, Synchronized methods and of course Lock objects. Newer stuff is quite interesting and I don't know if there are any good working implementations out. Transactional memory (TM), Software Transactional Memory (STM) and Automatic Mutual Exclusion (AME) for Python using PyPy.
- µTorrent is going to soon serve ads? - Sigh! Use Deluge instead.
- Studied super long article about RFID and differences between using LF and HF tags.
- Wrote one short business plan, but I can't tell more about it yet...
- Studied the study: Reliably Erasing Data From Flash-Based Solid State Drives
- Studied TCP Fast Open: expediting web services - Nice, speeds up repeated (or parallel) TCP connections, but requires modifications to existing apps. So only a few apps will get the benefit. Just like with Ext4 persistent pre-allocation. It's just great, if it's being used. I have also noticed that many apps that really could and should use pre-allocation with NTFS, simply just do not use it, which leads to fragmentation which could be simply avoided by using pre-allocation. - key word: fallocate()
- Studied: Content-centric networking, lulz, it's kind of like re-inventing magnet links. But this is exactly why I like anonymous content storages with encrypting cache, like Freenet over Tor which hops data around without caching. If content is static, it's crazy not to cache it and starve network resources by retransmitting it again and again.
- Read a lot of stuff about the Mat Honan case, yeah. It happens and it sucks.
- Read the article Memory Access Patterns Are Important - Martin Thompson. Yup, seems to be pretty important stuff for performance, I have written about caching a lot, and this is an excellent addition.
- Refreshed my memory by reading some basic documentation about Kademlia & DHT. This stuff is interesting, if I just had the time and a case which needed it, I would like to write a working implementation.
Yeah, this is how I spend my summer. Luckily I have also had some time to bicycle. But when I'm walking, I'm always reading stuff from my Kindle.