Project Management, exFAT, SQL, PyTables, WiFi security, etc

Post date: Nov 23, 2013 2:58:47 PM

• I've been reading project management books, too many of those. Good thing is that I know that I know things, because most of those books won't turn up anything, which I wouldn't already know and even better, what I haven't already experienced!
• OpenPGP.js Helps for other threats, but doesn't help for others... I guess this is anyway progress towards generally more secure email. HTML5 local storage, secure? Hmm, there has been many discussions about that if it's secure or not, and & if JS crypto can be even secure. Not because there would be something wrong with JS as language, but is the "runtime environment" aka browser secure enough.
• Played a few hours with SQL Alchemy, PyTables and Python. Checked out Pandas documentation. I mostly just import, slightly process and reformat data before sending it forward. I don't currently have any use for these techniques currently, but it's good to have some understanding what can be used, if and when required.
• Singapore Free WiFi requires registration with all kind of private information. Yet their encryption is totally broken. In China (Bejing airport) situation was quite similar, all information including passport numbers are required, without proper crypto. Just great. No WiFi encryption, no HTTPS. Basically I just could easily hijack anyones account, if I just really would want to. Btw. I wonder what the Official Mobile Application Chinese internet connection app will really do. Has anyone thoroughly analyzed it? For actual screenshots, see he link below.
• When I tried to post this link to my LinkedIn account, it got corrupted everytime. Maybe LinkedIn doesn't want people linking to Google+?
• BGP routing attacks? Nothing new really, I remember that in early 90's it was quite normal that even data moving inside Finland started to loop via Stockholm or evern New York. I guess back then it wasn't attack, but effects to the end users were totally same. Data got routed via ridiculously long route, instead of getting short national route.
• Reminded my self about Merkle Tree. Hash chaining data blocks to tree and finally one hash. Used by Freenet, Gnunet and many many other solutions. Even if it's not hash based, this strongly reminded my about how inode's and datablock indirection works with Linux ext4.
• Ext4 Lazy Group Initialization is nice feature, makes initial formatting much faster.
• Studied and played with exFAT. Here's exFAT overview. With Ubuntu / Linux you can use these exfat-utils and exfat-fuse. I especially liked the fact that FAT chains are only used in case of fragmentation. Because free space is managed with free space bitmap, files can be marked only by using starting block and length. Excellent, no need to maintain expensive inode/fat tables for contiguous data.
• I got my new Google+ custom vanity url. For more information read support pages.
• Wondered this beautiful example of good code on Microsoft pages:
  • Do Until False = True
  • Set objProcess = colProcesses.NextEvent
  • If objProcess.TargetInstance.ProcessID = intPosID Then
  • Exit Do
  • End If
  • Loop
  • I think it might be a good idea to sleep at some point. Otherwise it's great way to get your multi-core server hogged up with long lasting spin locks! Code seems to be normal engineer code, it does work, but it doesn't make any real world sense anyway.
  • Actually I did manage to catch one engineer, who did same kind of stuff with one product, but in this case he was polling SQL table with endless loop. It was actually quite good production system preformance test. He managed to pull 18k SQL queries / second (QPS) out of the server. Before checking the code, I checked server performance stats and found out that it's getting hogged up. I asked guys what's wrong with it, and their answer was that we need faster server. Yeah right, just so typical answer from engineers. When ever something is slow, let's just get faster server, even if the real reason is just simply extremely bad code.
• Like this statement from one engineer: "Who needs system security, isn't it enough that we don't show options to the users?", so why make systems which prevent you from doing something. If we just don't tell you that you could do something else than the options shown on the screen. Classic security by obscurity approach!
• This is just so beautiful, x86 emulator written in JavaScript.
• Gartner: Top 10 Strategic Technology Trends For 2014 - Nothing new, it's all the same as earlier.
• Nice feature: "Google App Engine Version 1.8.6 - October 15, 2013 - A memcache size chart has been added to admin console's dashboard. Access it via the drop-down above the graph. The chart graphs memcache size over time enabling customers to determine when cache flush events occurred. This is a preview feature."
• Played with gnupg-2.1.0beta3 and it's ECC features. (RFC 6637)
• Other stuff read & listened:
  • Best practices for designing RESTful API
  • SHA-3 / Keccak in nutshell
  • How to design best userinterface
  • HDF5 FAQ
  • How Python became the language of choice for data science
  • Listened OWASP lessons, #94 Professor Daniel J. Bernstein (Crypto Worst Practices) and #95 Professor Bart Preneel (Crypto Basics)
  • Rapid Data Visualization, from Python to Browser - Andrew Montalenti @ PyData
  • MadeSafe routing
  • Checked out P2P social network called Nightweb
  • Linear quadratic estimation - Kalman Filter
  • Seagate’s Kinetic Open Storage Platform
  • A primer on elliptic curve cryptography
  • Secret Sharing
  • Information Dispersal Algorithm (Cleversafe)
  • Time-lock encryption
  • What's new in Python 3.4
  • Saucy Salamander release notes
  • Totally other stuff: Ocean thermal energy conversion, Pantsir-S1 and Continuous-rod warhead

I still got huge backlog, but at least now it's getting shorter and not longer.